aws-sdk-securityhub 1.95.0 → 1.97.0

@@ -845,10 +845,14 @@ module Aws::SecurityHub
845
845
  # resp.rules[0].criteria.confidence[0].gte #=> Float
846
846
  # resp.rules[0].criteria.confidence[0].lte #=> Float
847
847
  # resp.rules[0].criteria.confidence[0].eq #=> Float
848
+ # resp.rules[0].criteria.confidence[0].gt #=> Float
849
+ # resp.rules[0].criteria.confidence[0].lt #=> Float
848
850
  # resp.rules[0].criteria.criticality #=> Array
849
851
  # resp.rules[0].criteria.criticality[0].gte #=> Float
850
852
  # resp.rules[0].criteria.criticality[0].lte #=> Float
851
853
  # resp.rules[0].criteria.criticality[0].eq #=> Float
854
+ # resp.rules[0].criteria.criticality[0].gt #=> Float
855
+ # resp.rules[0].criteria.criticality[0].lt #=> Float
852
856
  # resp.rules[0].criteria.title #=> Array
853
857
  # resp.rules[0].criteria.title[0].value #=> String
854
858
  # resp.rules[0].criteria.title[0].comparison #=> String, one of "EQUALS", "PREFIX", "NOT_EQUALS", "PREFIX_NOT_EQUALS", "CONTAINS", "NOT_CONTAINS"
@@ -926,6 +930,15 @@ module Aws::SecurityHub
926
930
  # resp.rules[0].criteria.user_defined_fields[0].key #=> String
927
931
  # resp.rules[0].criteria.user_defined_fields[0].value #=> String
928
932
  # resp.rules[0].criteria.user_defined_fields[0].comparison #=> String, one of "EQUALS", "NOT_EQUALS", "CONTAINS", "NOT_CONTAINS"
933
+ # resp.rules[0].criteria.resource_application_arn #=> Array
934
+ # resp.rules[0].criteria.resource_application_arn[0].value #=> String
935
+ # resp.rules[0].criteria.resource_application_arn[0].comparison #=> String, one of "EQUALS", "PREFIX", "NOT_EQUALS", "PREFIX_NOT_EQUALS", "CONTAINS", "NOT_CONTAINS"
936
+ # resp.rules[0].criteria.resource_application_name #=> Array
937
+ # resp.rules[0].criteria.resource_application_name[0].value #=> String
938
+ # resp.rules[0].criteria.resource_application_name[0].comparison #=> String, one of "EQUALS", "PREFIX", "NOT_EQUALS", "PREFIX_NOT_EQUALS", "CONTAINS", "NOT_CONTAINS"
939
+ # resp.rules[0].criteria.aws_account_name #=> Array
940
+ # resp.rules[0].criteria.aws_account_name[0].value #=> String
941
+ # resp.rules[0].criteria.aws_account_name[0].comparison #=> String, one of "EQUALS", "PREFIX", "NOT_EQUALS", "PREFIX_NOT_EQUALS", "CONTAINS", "NOT_CONTAINS"
929
942
  # resp.rules[0].actions #=> Array
930
943
  # resp.rules[0].actions[0].type #=> String, one of "FINDING_FIELDS_UPDATE"
931
944
  # resp.rules[0].actions[0].finding_fields_update.note.text #=> String
@@ -961,6 +974,108 @@ module Aws::SecurityHub
961
974
  req.send_request(options)
962
975
  end
963
976
 
977
+ # Returns associations between an Security Hub configuration and a batch
978
+ # of target accounts, organizational units, or the root. Only the
979
+ # Security Hub delegated administrator can invoke this operation from
980
+ # the home Region. A configuration can refer to a configuration policy
981
+ # or to a self-managed configuration.
982
+ #
983
+ # @option params [required, Array<Types::ConfigurationPolicyAssociation>] :configuration_policy_association_identifiers
984
+ # Specifies one or more target account IDs, organizational unit (OU)
985
+ # IDs, or the root ID to retrieve associations for.
986
+ #
987
+ # @return [Types::BatchGetConfigurationPolicyAssociationsResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
988
+ #
989
+ # * {Types::BatchGetConfigurationPolicyAssociationsResponse#configuration_policy_associations #configuration_policy_associations} => Array&lt;Types::ConfigurationPolicyAssociationSummary&gt;
990
+ # * {Types::BatchGetConfigurationPolicyAssociationsResponse#unprocessed_configuration_policy_associations #unprocessed_configuration_policy_associations} => Array&lt;Types::UnprocessedConfigurationPolicyAssociation&gt;
991
+ #
992
+ #
993
+ # @example Example: To get configuration associations for a batch of targets
994
+ #
995
+ # # This operation provides details about configuration associations for a batch of target accounts, organizational units,
996
+ # # or the root.
997
+ #
998
+ # resp = client.batch_get_configuration_policy_associations({
999
+ # configuration_policy_association_identifiers: [
1000
+ # {
1001
+ # target: {
1002
+ # account_id: "111122223333",
1003
+ # },
1004
+ # },
1005
+ # {
1006
+ # target: {
1007
+ # root_id: "r-f6g7h8i9j0example",
1008
+ # },
1009
+ # },
1010
+ # ],
1011
+ # })
1012
+ #
1013
+ # resp.to_h outputs the following:
1014
+ # {
1015
+ # configuration_policy_associations: [
1016
+ # {
1017
+ # association_status: "SUCCESS",
1018
+ # association_status_message: "This field is only populated for a failed association",
1019
+ # association_type: "INHERITED",
1020
+ # configuration_policy_id: "a1b2c3d4-5678-90ab-cdef-EXAMPLE11111",
1021
+ # target_id: "111122223333",
1022
+ # target_type: "ACCOUNT",
1023
+ # updated_at: Time.parse("2023-01-11T06:17:17.154Z"),
1024
+ # },
1025
+ # ],
1026
+ # unprocessed_configuration_policy_associations: [
1027
+ # {
1028
+ # configuration_policy_association_identifiers: {
1029
+ # target: {
1030
+ # root_id: "r-f6g7h8i9j0example",
1031
+ # },
1032
+ # },
1033
+ # error_code: "400",
1034
+ # error_reason: "You do not have sufficient access to perform this action.",
1035
+ # },
1036
+ # ],
1037
+ # }
1038
+ #
1039
+ # @example Request syntax with placeholder values
1040
+ #
1041
+ # resp = client.batch_get_configuration_policy_associations({
1042
+ # configuration_policy_association_identifiers: [ # required
1043
+ # {
1044
+ # target: {
1045
+ # account_id: "NonEmptyString",
1046
+ # organizational_unit_id: "NonEmptyString",
1047
+ # root_id: "NonEmptyString",
1048
+ # },
1049
+ # },
1050
+ # ],
1051
+ # })
1052
+ #
1053
+ # @example Response structure
1054
+ #
1055
+ # resp.configuration_policy_associations #=> Array
1056
+ # resp.configuration_policy_associations[0].configuration_policy_id #=> String
1057
+ # resp.configuration_policy_associations[0].target_id #=> String
1058
+ # resp.configuration_policy_associations[0].target_type #=> String, one of "ACCOUNT", "ORGANIZATIONAL_UNIT"
1059
+ # resp.configuration_policy_associations[0].association_type #=> String, one of "INHERITED", "APPLIED"
1060
+ # resp.configuration_policy_associations[0].updated_at #=> Time
1061
+ # resp.configuration_policy_associations[0].association_status #=> String, one of "PENDING", "SUCCESS", "FAILED"
1062
+ # resp.configuration_policy_associations[0].association_status_message #=> String
1063
+ # resp.unprocessed_configuration_policy_associations #=> Array
1064
+ # resp.unprocessed_configuration_policy_associations[0].configuration_policy_association_identifiers.target.account_id #=> String
1065
+ # resp.unprocessed_configuration_policy_associations[0].configuration_policy_association_identifiers.target.organizational_unit_id #=> String
1066
+ # resp.unprocessed_configuration_policy_associations[0].configuration_policy_association_identifiers.target.root_id #=> String
1067
+ # resp.unprocessed_configuration_policy_associations[0].error_code #=> String
1068
+ # resp.unprocessed_configuration_policy_associations[0].error_reason #=> String
1069
+ #
1070
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/BatchGetConfigurationPolicyAssociations AWS API Documentation
1071
+ #
1072
+ # @overload batch_get_configuration_policy_associations(params = {})
1073
+ # @param [Hash] params ({})
1074
+ def batch_get_configuration_policy_associations(params = {}, options = {})
1075
+ req = build_request(:batch_get_configuration_policy_associations, params)
1076
+ req.send_request(options)
1077
+ end
1078
+
964
1079
  # Provides details about a batch of security controls for the current
965
1080
  # Amazon Web Services account and Amazon Web Services Region.
966
1081
  #
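Review bot: The description of `batch_get_configuration_policy_associations` never says that per-target failures are returned inside the response, in `unprocessed_configuration_policy_associations`, although the example output shows an access-denied entry there with `error_code: "400"`. A caller that reads only `configuration_policy_associations` would silently skip those targets and could take an incomplete answer as the full association state. I would add to the description: `# Targets that could not be processed are returned in unprocessed_configuration_policy_associations with an error_code and error_reason; check it before treating the result as complete.` Two smaller things in the same comment block: the first sentence reads "an Security Hub configuration", and the response structure lists `target_type` as only "ACCOUNT" or "ORGANIZATIONAL_UNIT" even though the request accepts `root_id`, which is worth confirming against the service. The enclosing class starts outside this hunk.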
@@ -991,21 +1106,41 @@ module Aws::SecurityHub
991
1106
  # security_controls: [
992
1107
  # {
993
1108
  # description: "This AWS control checks whether ACM Certificates in your account are marked for expiration within a specified time period. Certificates provided by ACM are automatically renewed. ACM does not automatically renew certificates that you import.",
1109
+ # last_update_reason: "Stayed with default value",
1110
+ # parameters: {
1111
+ # "daysToExpiration" => {
1112
+ # value: {
1113
+ # integer: 30,
1114
+ # },
1115
+ # value_type: "DEFAULT",
1116
+ # },
1117
+ # },
994
1118
  # remediation_url: "https://docs.aws.amazon.com/console/securityhub/ACM.1/remediation",
995
1119
  # security_control_arn: "arn:aws:securityhub:us-west-2:123456789012:security-control/ACM.1",
996
1120
  # security_control_id: "ACM.1",
997
1121
  # security_control_status: "ENABLED",
998
1122
  # severity_rating: "MEDIUM",
999
1123
  # title: "Imported and ACM-issued certificates should be renewed after a specified time period",
1124
+ # update_status: "UPDATING",
1000
1125
  # },
1001
1126
  # {
1002
1127
  # description: "This control checks whether all stages of Amazon API Gateway REST and WebSocket APIs have logging enabled. The control fails if logging is not enabled for all methods of a stage or if loggingLevel is neither ERROR nor INFO.",
1128
+ # last_update_reason: "Updated control parameters to comply with internal requirements",
1129
+ # parameters: {
1130
+ # "loggingLevel" => {
1131
+ # value: {
1132
+ # enum: "ERROR",
1133
+ # },
1134
+ # value_type: "CUSTOM",
1135
+ # },
1136
+ # },
1003
1137
  # remediation_url: "https://docs.aws.amazon.com/console/securityhub/APIGateway.1/remediation",
1004
1138
  # security_control_arn: "arn:aws:securityhub:us-west-2:123456789012:security-control/APIGateway.1",
1005
1139
  # security_control_id: "APIGateway.1",
1006
1140
  # security_control_status: "ENABLED",
1007
1141
  # severity_rating: "MEDIUM",
1008
1142
  # title: "API Gateway REST and WebSocket API execution logging should be enabled",
1143
+ # update_status: "UPDATING",
1009
1144
  # },
1010
1145
  # ],
1011
1146
  # }
@@ -1026,6 +1161,21 @@ module Aws::SecurityHub
1026
1161
  # resp.security_controls[0].remediation_url #=> String
1027
1162
  # resp.security_controls[0].severity_rating #=> String, one of "LOW", "MEDIUM", "HIGH", "CRITICAL"
1028
1163
  # resp.security_controls[0].security_control_status #=> String, one of "ENABLED", "DISABLED"
1164
+ # resp.security_controls[0].update_status #=> String, one of "READY", "UPDATING"
1165
+ # resp.security_controls[0].parameters #=> Hash
1166
+ # resp.security_controls[0].parameters["NonEmptyString"].value_type #=> String, one of "DEFAULT", "CUSTOM"
1167
+ # resp.security_controls[0].parameters["NonEmptyString"].value.integer #=> Integer
1168
+ # resp.security_controls[0].parameters["NonEmptyString"].value.integer_list #=> Array
1169
+ # resp.security_controls[0].parameters["NonEmptyString"].value.integer_list[0] #=> Integer
1170
+ # resp.security_controls[0].parameters["NonEmptyString"].value.double #=> Float
1171
+ # resp.security_controls[0].parameters["NonEmptyString"].value.string #=> String
1172
+ # resp.security_controls[0].parameters["NonEmptyString"].value.string_list #=> Array
1173
+ # resp.security_controls[0].parameters["NonEmptyString"].value.string_list[0] #=> String
1174
+ # resp.security_controls[0].parameters["NonEmptyString"].value.boolean #=> Boolean
1175
+ # resp.security_controls[0].parameters["NonEmptyString"].value.enum #=> String
1176
+ # resp.security_controls[0].parameters["NonEmptyString"].value.enum_list #=> Array
1177
+ # resp.security_controls[0].parameters["NonEmptyString"].value.enum_list[0] #=> String
1178
+ # resp.security_controls[0].last_update_reason #=> String
1029
1179
  # resp.unprocessed_ids #=> Array
1030
1180
  # resp.unprocessed_ids[0].security_control_id #=> String
1031
1181
  # resp.unprocessed_ids[0].error_code #=> String, one of "INVALID_INPUT", "ACCESS_DENIED", "NOT_FOUND", "LIMIT_EXCEEDED"
@@ -1403,6 +1553,8 @@ module Aws::SecurityHub
1403
1553
  # gte: 1.0,
1404
1554
  # lte: 1.0,
1405
1555
  # eq: 1.0,
1556
+ # gt: 1.0,
1557
+ # lt: 1.0,
1406
1558
  # },
1407
1559
  # ],
1408
1560
  # criticality: [
@@ -1410,6 +1562,8 @@ module Aws::SecurityHub
1410
1562
  # gte: 1.0,
1411
1563
  # lte: 1.0,
1412
1564
  # eq: 1.0,
1565
+ # gt: 1.0,
1566
+ # lt: 1.0,
1413
1567
  # },
1414
1568
  # ],
1415
1569
  # title: [
@@ -1563,6 +1717,24 @@ module Aws::SecurityHub
1563
1717
  # comparison: "EQUALS", # accepts EQUALS, NOT_EQUALS, CONTAINS, NOT_CONTAINS
1564
1718
  # },
1565
1719
  # ],
1720
+ # resource_application_arn: [
1721
+ # {
1722
+ # value: "NonEmptyString",
1723
+ # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS
1724
+ # },
1725
+ # ],
1726
+ # resource_application_name: [
1727
+ # {
1728
+ # value: "NonEmptyString",
1729
+ # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS
1730
+ # },
1731
+ # ],
1732
+ # aws_account_name: [
1733
+ # {
1734
+ # value: "NonEmptyString",
1735
+ # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS
1736
+ # },
1737
+ # ],
1566
1738
  # },
1567
1739
  # actions: [
1568
1740
  # {
@@ -1992,7 +2164,7 @@ module Aws::SecurityHub
1992
2164
  # Creates an automation rule based on input parameters.
1993
2165
  #
1994
2166
  # @option params [Hash<String,String>] :tags
1995
- # User-defined tags that help you label the purpose of a rule.
2167
+ # User-defined tags associated with an automation rule.
1996
2168
  #
1997
2169
  # @option params [String] :rule_status
1998
2170
  # Whether the rule is active after it is created. If this parameter is
@@ -2192,6 +2364,8 @@ module Aws::SecurityHub
2192
2364
  # gte: 1.0,
2193
2365
  # lte: 1.0,
2194
2366
  # eq: 1.0,
2367
+ # gt: 1.0,
2368
+ # lt: 1.0,
2195
2369
  # },
2196
2370
  # ],
2197
2371
  # criticality: [
@@ -2199,6 +2373,8 @@ module Aws::SecurityHub
2199
2373
  # gte: 1.0,
2200
2374
  # lte: 1.0,
2201
2375
  # eq: 1.0,
2376
+ # gt: 1.0,
2377
+ # lt: 1.0,
2202
2378
  # },
2203
2379
  # ],
2204
2380
  # title: [
@@ -2352,6 +2528,24 @@ module Aws::SecurityHub
2352
2528
  # comparison: "EQUALS", # accepts EQUALS, NOT_EQUALS, CONTAINS, NOT_CONTAINS
2353
2529
  # },
2354
2530
  # ],
2531
+ # resource_application_arn: [
2532
+ # {
2533
+ # value: "NonEmptyString",
2534
+ # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS
2535
+ # },
2536
+ # ],
2537
+ # resource_application_name: [
2538
+ # {
2539
+ # value: "NonEmptyString",
2540
+ # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS
2541
+ # },
2542
+ # ],
2543
+ # aws_account_name: [
2544
+ # {
2545
+ # value: "NonEmptyString",
2546
+ # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS
2547
+ # },
2548
+ # ],
2355
2549
  # },
2356
2550
  # actions: [ # required
2357
2551
  # {
@@ -2400,6 +2594,200 @@ module Aws::SecurityHub
2400
2594
  req.send_request(options)
2401
2595
  end
2402
2596
 
2597
+ # Creates a configuration policy with the defined configuration. Only
2598
+ # the Security Hub delegated administrator can invoke this operation
2599
+ # from the home Region.
2600
+ #
2601
+ # @option params [required, String] :name
2602
+ # The name of the configuration policy.
2603
+ #
2604
+ # @option params [String] :description
2605
+ # The description of the configuration policy.
2606
+ #
2607
+ # @option params [required, Types::Policy] :configuration_policy
2608
+ # An object that defines how Security Hub is configured. It includes
2609
+ # whether Security Hub is enabled or disabled, a list of enabled
2610
+ # security standards, a list of enabled or disabled security controls,
2611
+ # and a list of custom parameter values for specified controls. If you
2612
+ # provide a list of security controls that are enabled in the
2613
+ # configuration policy, Security Hub disables all other controls
2614
+ # (including newly released controls). If you provide a list of security
2615
+ # controls that are disabled in the configuration policy, Security Hub
2616
+ # enables all other controls (including newly released controls).
2617
+ #
2618
+ # @option params [Hash<String,String>] :tags
2619
+ # User-defined tags associated with a configuration policy. For more
2620
+ # information, see [Tagging Security Hub resources][1] in the *Security
2621
+ # Hub user guide*.
2622
+ #
2623
+ #
2624
+ #
2625
+ # [1]: https://docs.aws.amazon.com/securityhub/latest/userguide/tagging-resources.html
2626
+ #
2627
+ # @return [Types::CreateConfigurationPolicyResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
2628
+ #
2629
+ # * {Types::CreateConfigurationPolicyResponse#arn #arn} => String
2630
+ # * {Types::CreateConfigurationPolicyResponse#id #id} => String
2631
+ # * {Types::CreateConfigurationPolicyResponse#name #name} => String
2632
+ # * {Types::CreateConfigurationPolicyResponse#description #description} => String
2633
+ # * {Types::CreateConfigurationPolicyResponse#updated_at #updated_at} => Time
2634
+ # * {Types::CreateConfigurationPolicyResponse#created_at #created_at} => Time
2635
+ # * {Types::CreateConfigurationPolicyResponse#configuration_policy #configuration_policy} => Types::Policy
2636
+ #
2637
+ #
2638
+ # @example Example: To create a configuration policy
2639
+ #
2640
+ # # This operation creates a configuration policy in Security Hub.
2641
+ #
2642
+ # resp = client.create_configuration_policy({
2643
+ # configuration_policy: {
2644
+ # security_hub: {
2645
+ # enabled_standard_identifiers: [
2646
+ # "arn:aws:securityhub:us-east-1::standards/aws-foundational-security-best-practices/v/1.0.0",
2647
+ # "arn:aws:securityhub:::ruleset/cis-aws-foundations-benchmark/v/1.2.0",
2648
+ # ],
2649
+ # security_controls_configuration: {
2650
+ # disabled_security_control_identifiers: [
2651
+ # "CloudWatch.1",
2652
+ # ],
2653
+ # security_control_custom_parameters: [
2654
+ # {
2655
+ # parameters: {
2656
+ # "daysToExpiration" => {
2657
+ # value: {
2658
+ # integer: 14,
2659
+ # },
2660
+ # value_type: "CUSTOM",
2661
+ # },
2662
+ # },
2663
+ # security_control_id: "ACM.1",
2664
+ # },
2665
+ # ],
2666
+ # },
2667
+ # service_enabled: true,
2668
+ # },
2669
+ # },
2670
+ # description: "Configuration policy for testing FSBP and CIS",
2671
+ # name: "TestConfigurationPolicy",
2672
+ # })
2673
+ #
2674
+ # resp.to_h outputs the following:
2675
+ # {
2676
+ # arn: "arn:aws:securityhub:us-east-1:123456789012:configuration-policy/a1b2c3d4-5678-90ab-cdef-EXAMPLE11111",
2677
+ # configuration_policy: {
2678
+ # security_hub: {
2679
+ # enabled_standard_identifiers: [
2680
+ # "arn:aws:securityhub:us-east-1::standards/aws-foundational-security-best-practices/v/1.0.0",
2681
+ # "arn:aws:securityhub:::ruleset/cis-aws-foundations-benchmark/v/1.2.0",
2682
+ # ],
2683
+ # security_controls_configuration: {
2684
+ # disabled_security_control_identifiers: [
2685
+ # "CloudWatch.1",
2686
+ # ],
2687
+ # security_control_custom_parameters: [
2688
+ # {
2689
+ # parameters: {
2690
+ # "daysToExpiration" => {
2691
+ # value: {
2692
+ # integer: 14,
2693
+ # },
2694
+ # value_type: "CUSTOM",
2695
+ # },
2696
+ # },
2697
+ # security_control_id: "ACM.1",
2698
+ # },
2699
+ # ],
2700
+ # },
2701
+ # service_enabled: true,
2702
+ # },
2703
+ # },
2704
+ # created_at: Time.parse("2023-01-11T06:17:17.154Z"),
2705
+ # description: "Configuration policy for testing FSBP and CIS",
2706
+ # id: "a1b2c3d4-5678-90ab-cdef-EXAMPLE11111",
2707
+ # name: "TestConfigurationPolicy",
2708
+ # updated_at: Time.parse("2023-01-11T06:17:17.154Z"),
2709
+ # }
2710
+ #
2711
+ # @example Request syntax with placeholder values
2712
+ #
2713
+ # resp = client.create_configuration_policy({
2714
+ # name: "NonEmptyString", # required
2715
+ # description: "NonEmptyString",
2716
+ # configuration_policy: { # required
2717
+ # security_hub: {
2718
+ # service_enabled: false,
2719
+ # enabled_standard_identifiers: ["NonEmptyString"],
2720
+ # security_controls_configuration: {
2721
+ # enabled_security_control_identifiers: ["NonEmptyString"],
2722
+ # disabled_security_control_identifiers: ["NonEmptyString"],
2723
+ # security_control_custom_parameters: [
2724
+ # {
2725
+ # security_control_id: "NonEmptyString",
2726
+ # parameters: {
2727
+ # "NonEmptyString" => {
2728
+ # value_type: "DEFAULT", # required, accepts DEFAULT, CUSTOM
2729
+ # value: {
2730
+ # integer: 1,
2731
+ # integer_list: [1],
2732
+ # double: 1.0,
2733
+ # string: "NonEmptyString",
2734
+ # string_list: ["NonEmptyString"],
2735
+ # boolean: false,
2736
+ # enum: "NonEmptyString",
2737
+ # enum_list: ["NonEmptyString"],
2738
+ # },
2739
+ # },
2740
+ # },
2741
+ # },
2742
+ # ],
2743
+ # },
2744
+ # },
2745
+ # },
2746
+ # tags: {
2747
+ # "TagKey" => "TagValue",
2748
+ # },
2749
+ # })
2750
+ #
2751
+ # @example Response structure
2752
+ #
2753
+ # resp.arn #=> String
2754
+ # resp.id #=> String
2755
+ # resp.name #=> String
2756
+ # resp.description #=> String
2757
+ # resp.updated_at #=> Time
2758
+ # resp.created_at #=> Time
2759
+ # resp.configuration_policy.security_hub.service_enabled #=> Boolean
2760
+ # resp.configuration_policy.security_hub.enabled_standard_identifiers #=> Array
2761
+ # resp.configuration_policy.security_hub.enabled_standard_identifiers[0] #=> String
2762
+ # resp.configuration_policy.security_hub.security_controls_configuration.enabled_security_control_identifiers #=> Array
2763
+ # resp.configuration_policy.security_hub.security_controls_configuration.enabled_security_control_identifiers[0] #=> String
2764
+ # resp.configuration_policy.security_hub.security_controls_configuration.disabled_security_control_identifiers #=> Array
2765
+ # resp.configuration_policy.security_hub.security_controls_configuration.disabled_security_control_identifiers[0] #=> String
2766
+ # resp.configuration_policy.security_hub.security_controls_configuration.security_control_custom_parameters #=> Array
2767
+ # resp.configuration_policy.security_hub.security_controls_configuration.security_control_custom_parameters[0].security_control_id #=> String
2768
+ # resp.configuration_policy.security_hub.security_controls_configuration.security_control_custom_parameters[0].parameters #=> Hash
2769
+ # resp.configuration_policy.security_hub.security_controls_configuration.security_control_custom_parameters[0].parameters["NonEmptyString"].value_type #=> String, one of "DEFAULT", "CUSTOM"
2770
+ # resp.configuration_policy.security_hub.security_controls_configuration.security_control_custom_parameters[0].parameters["NonEmptyString"].value.integer #=> Integer
2771
+ # resp.configuration_policy.security_hub.security_controls_configuration.security_control_custom_parameters[0].parameters["NonEmptyString"].value.integer_list #=> Array
2772
+ # resp.configuration_policy.security_hub.security_controls_configuration.security_control_custom_parameters[0].parameters["NonEmptyString"].value.integer_list[0] #=> Integer
2773
+ # resp.configuration_policy.security_hub.security_controls_configuration.security_control_custom_parameters[0].parameters["NonEmptyString"].value.double #=> Float
2774
+ # resp.configuration_policy.security_hub.security_controls_configuration.security_control_custom_parameters[0].parameters["NonEmptyString"].value.string #=> String
2775
+ # resp.configuration_policy.security_hub.security_controls_configuration.security_control_custom_parameters[0].parameters["NonEmptyString"].value.string_list #=> Array
2776
+ # resp.configuration_policy.security_hub.security_controls_configuration.security_control_custom_parameters[0].parameters["NonEmptyString"].value.string_list[0] #=> String
2777
+ # resp.configuration_policy.security_hub.security_controls_configuration.security_control_custom_parameters[0].parameters["NonEmptyString"].value.boolean #=> Boolean
2778
+ # resp.configuration_policy.security_hub.security_controls_configuration.security_control_custom_parameters[0].parameters["NonEmptyString"].value.enum #=> String
2779
+ # resp.configuration_policy.security_hub.security_controls_configuration.security_control_custom_parameters[0].parameters["NonEmptyString"].value.enum_list #=> Array
2780
+ # resp.configuration_policy.security_hub.security_controls_configuration.security_control_custom_parameters[0].parameters["NonEmptyString"].value.enum_list[0] #=> String
2781
+ #
2782
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/CreateConfigurationPolicy AWS API Documentation
2783
+ #
2784
+ # @overload create_configuration_policy(params = {})
2785
+ # @param [Hash] params ({})
2786
+ def create_configuration_policy(params = {}, options = {})
2787
+ req = build_request(:create_configuration_policy, params)
2788
+ req.send_request(options)
2789
+ end
2790
+
2403
2791
  # Used to enable finding aggregation. Must be called from the
2404
2792
  # aggregation Region.
2405
2793
  #
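Review bot: The placeholder request for `create_configuration_policy` fills in both `enabled_security_control_identifiers` and `disabled_security_control_identifiers`, while the `:configuration_policy` description presents them as alternatives with opposite defaults for every control not listed. Someone copying the placeholder cannot tell which list takes effect or whether the pair is rejected, and that choice decides whether newly released controls start enabled or disabled. I would annotate the two placeholder lines, e.g. `enabled_security_control_identifiers: ["NonEmptyString"], # all other controls, including newly released ones, are disabled` and `disabled_security_control_identifiers: ["NonEmptyString"], # all other controls, including newly released ones, are enabled`. The description should also state whether supplying both lists is valid, which is not visible from this hunk. The enclosing class begins outside the hunk.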
@@ -2641,6 +3029,8 @@ module Aws::SecurityHub
2641
3029
  # gte: 1.0,
2642
3030
  # lte: 1.0,
2643
3031
  # eq: 1.0,
3032
+ # gt: 1.0,
3033
+ # lt: 1.0,
2644
3034
  # },
2645
3035
  # ],
2646
3036
  # severity_normalized: [
@@ -2648,6 +3038,8 @@ module Aws::SecurityHub
2648
3038
  # gte: 1.0,
2649
3039
  # lte: 1.0,
2650
3040
  # eq: 1.0,
3041
+ # gt: 1.0,
3042
+ # lt: 1.0,
2651
3043
  # },
2652
3044
  # ],
2653
3045
  # severity_label: [
@@ -2661,6 +3053,8 @@ module Aws::SecurityHub
2661
3053
  # gte: 1.0,
2662
3054
  # lte: 1.0,
2663
3055
  # eq: 1.0,
3056
+ # gt: 1.0,
3057
+ # lt: 1.0,
2664
3058
  # },
2665
3059
  # ],
2666
3060
  # criticality: [
@@ -2668,6 +3062,8 @@ module Aws::SecurityHub
2668
3062
  # gte: 1.0,
2669
3063
  # lte: 1.0,
2670
3064
  # eq: 1.0,
3065
+ # gt: 1.0,
3066
+ # lt: 1.0,
2671
3067
  # },
2672
3068
  # ],
2673
3069
  # title: [
@@ -2771,6 +3167,8 @@ module Aws::SecurityHub
2771
3167
  # gte: 1.0,
2772
3168
  # lte: 1.0,
2773
3169
  # eq: 1.0,
3170
+ # gt: 1.0,
3171
+ # lt: 1.0,
2774
3172
  # },
2775
3173
  # ],
2776
3174
  # network_source_domain: [
@@ -2800,6 +3198,8 @@ module Aws::SecurityHub
2800
3198
  # gte: 1.0,
2801
3199
  # lte: 1.0,
2802
3200
  # eq: 1.0,
3201
+ # gt: 1.0,
3202
+ # lt: 1.0,
2803
3203
  # },
2804
3204
  # ],
2805
3205
  # network_destination_domain: [
@@ -2825,6 +3225,8 @@ module Aws::SecurityHub
2825
3225
  # gte: 1.0,
2826
3226
  # lte: 1.0,
2827
3227
  # eq: 1.0,
3228
+ # gt: 1.0,
3229
+ # lt: 1.0,
2828
3230
  # },
2829
3231
  # ],
2830
3232
  # process_parent_pid: [
@@ -2832,6 +3234,8 @@ module Aws::SecurityHub
2832
3234
  # gte: 1.0,
2833
3235
  # lte: 1.0,
2834
3236
  # eq: 1.0,
3237
+ # gt: 1.0,
3238
+ # lt: 1.0,
2835
3239
  # },
2836
3240
  # ],
2837
3241
  # process_launched_at: [
@@ -3136,6 +3540,8 @@ module Aws::SecurityHub
3136
3540
  # gte: 1.0,
3137
3541
  # lte: 1.0,
3138
3542
  # eq: 1.0,
3543
+ # gt: 1.0,
3544
+ # lt: 1.0,
3139
3545
  # },
3140
3546
  # ],
3141
3547
  # finding_provider_fields_criticality: [
@@ -3143,6 +3549,8 @@ module Aws::SecurityHub
3143
3549
  # gte: 1.0,
3144
3550
  # lte: 1.0,
3145
3551
  # eq: 1.0,
3552
+ # gt: 1.0,
3553
+ # lt: 1.0,
3146
3554
  # },
3147
3555
  # ],
3148
3556
  # finding_provider_fields_related_findings_id: [
@@ -3192,6 +3600,48 @@ module Aws::SecurityHub
3192
3600
  # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS
3193
3601
  # },
3194
3602
  # ],
3603
+ # vulnerabilities_exploit_available: [
3604
+ # {
3605
+ # value: "NonEmptyString",
3606
+ # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS
3607
+ # },
3608
+ # ],
3609
+ # vulnerabilities_fix_available: [
3610
+ # {
3611
+ # value: "NonEmptyString",
3612
+ # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS
3613
+ # },
3614
+ # ],
3615
+ # compliance_security_control_parameters_name: [
3616
+ # {
3617
+ # value: "NonEmptyString",
3618
+ # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS
3619
+ # },
3620
+ # ],
3621
+ # compliance_security_control_parameters_value: [
3622
+ # {
3623
+ # value: "NonEmptyString",
3624
+ # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS
3625
+ # },
3626
+ # ],
3627
+ # aws_account_name: [
3628
+ # {
3629
+ # value: "NonEmptyString",
3630
+ # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS
3631
+ # },
3632
+ # ],
3633
+ # resource_application_name: [
3634
+ # {
3635
+ # value: "NonEmptyString",
3636
+ # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS
3637
+ # },
3638
+ # ],
3639
+ # resource_application_arn: [
3640
+ # {
3641
+ # value: "NonEmptyString",
3642
+ # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS
3643
+ # },
3644
+ # ],
3195
3645
  # },
3196
3646
  # group_by_attribute: "NonEmptyString", # required
3197
3647
  # })
@@ -3420,6 +3870,42 @@ module Aws::SecurityHub
3420
3870
  req.send_request(options)
3421
3871
  end
3422
3872
 
3873
+ # Deletes a configuration policy. Only the Security Hub delegated
3874
+ # administrator can invoke this operation from the home Region. For the
3875
+ # deletion to succeed, you must first disassociate a configuration
3876
+ # policy from target accounts, organizational units, or the root by
3877
+ # invoking the `StartConfigurationPolicyDisassociation` operation.
3878
+ #
3879
+ # @option params [required, String] :identifier
3880
+ # The Amazon Resource Name (ARN) or universally unique identifier (UUID)
3881
+ # of the configuration policy.
3882
+ #
3883
+ # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
3884
+ #
3885
+ #
3886
+ # @example Example: To delete a configuration policy
3887
+ #
3888
+ # # This operation deletes the specified configuration policy.
3889
+ #
3890
+ # resp = client.delete_configuration_policy({
3891
+ # identifier: "arn:aws:securityhub:us-east-1:123456789012:configuration-policy/a1b2c3d4-5678-90ab-cdef-EXAMPLE11111",
3892
+ # })
3893
+ #
3894
+ # @example Request syntax with placeholder values
3895
+ #
3896
+ # resp = client.delete_configuration_policy({
3897
+ # identifier: "NonEmptyString", # required
3898
+ # })
3899
+ #
3900
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/DeleteConfigurationPolicy AWS API Documentation
3901
+ #
3902
+ # @overload delete_configuration_policy(params = {})
3903
+ # @param [Hash] params ({})
3904
+ def delete_configuration_policy(params = {}, options = {})
3905
+ req = build_request(:delete_configuration_policy, params)
3906
+ req.send_request(options)
3907
+ end
3908
+
3423
3909
  # Deletes a finding aggregator. When you delete the finding aggregator,
3424
3910
  # you stop finding aggregation.
3425
3911
  #
@@ -3739,29 +4225,35 @@ module Aws::SecurityHub
3739
4225
  req.send_request(options)
3740
4226
  end
3741
4227
 
3742
- # Returns information about the Organizations configuration for Security
3743
- # Hub. Can only be called from a Security Hub administrator account.
4228
+ # Returns information about the way your organization is configured in
4229
+ # Security Hub. Only the Security Hub administrator account can invoke
4230
+ # this operation.
3744
4231
  #
3745
4232
  # @return [Types::DescribeOrganizationConfigurationResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
3746
4233
  #
3747
4234
  # * {Types::DescribeOrganizationConfigurationResponse#auto_enable #auto_enable} => Boolean
3748
4235
  # * {Types::DescribeOrganizationConfigurationResponse#member_account_limit_reached #member_account_limit_reached} => Boolean
3749
4236
  # * {Types::DescribeOrganizationConfigurationResponse#auto_enable_standards #auto_enable_standards} => String
4237
+ # * {Types::DescribeOrganizationConfigurationResponse#organization_configuration #organization_configuration} => Types::OrganizationConfiguration
3750
4238
  #
3751
4239
  #
3752
- # @example Example: To get information about Organizations configuration
4240
+ # @example Example: To get information about organization configuration
3753
4241
  #
3754
- # # The following example returns details about the way in which AWS Organizations is configured for a Security Hub account
3755
- # # that belongs to an organization. Only a Security Hub administrator account can call this operation.
4242
+ # # This operation provides information about the way your organization is configured in Security Hub. Only a Security Hub
4243
+ # # administrator account can invoke this operation.
3756
4244
  #
3757
4245
  # resp = client.describe_organization_configuration({
3758
4246
  # })
3759
4247
  #
3760
4248
  # resp.to_h outputs the following:
3761
4249
  # {
3762
- # auto_enable: true,
3763
- # auto_enable_standards: "DEFAULT",
3764
- # member_account_limit_reached: true,
4250
+ # auto_enable: false,
4251
+ # auto_enable_standards: "NONE",
4252
+ # member_account_limit_reached: false,
4253
+ # organization_configuration: {
4254
+ # configuration_type: "CENTRAL",
4255
+ # status: "ENABLED",
4256
+ # },
3765
4257
  # }
3766
4258
  #
3767
4259
  # @example Response structure
@@ -3769,6 +4261,9 @@ module Aws::SecurityHub
3769
4261
  # resp.auto_enable #=> Boolean
3770
4262
  # resp.member_account_limit_reached #=> Boolean
3771
4263
  # resp.auto_enable_standards #=> String, one of "NONE", "DEFAULT"
4264
+ # resp.organization_configuration.configuration_type #=> String, one of "CENTRAL", "LOCAL"
4265
+ # resp.organization_configuration.status #=> String, one of "PENDING", "ENABLED", "FAILED"
4266
+ # resp.organization_configuration.status_message #=> String
3772
4267
  #
3773
4268
  # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/DescribeOrganizationConfiguration AWS API Documentation
3774
4269
  #
@@ -4492,6 +4987,188 @@ module Aws::SecurityHub
4492
4987
  req.send_request(options)
4493
4988
  end
4494
4989
 
4990
+ # Provides information about a configuration policy. Only the Security
4991
+ # Hub delegated administrator can invoke this operation from the home
4992
+ # Region.
4993
+ #
4994
+ # @option params [required, String] :identifier
4995
+ # The Amazon Resource Name (ARN) or universally unique identifier (UUID)
4996
+ # of the configuration policy.
4997
+ #
4998
+ # @return [Types::GetConfigurationPolicyResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
4999
+ #
5000
+ # * {Types::GetConfigurationPolicyResponse#arn #arn} => String
5001
+ # * {Types::GetConfigurationPolicyResponse#id #id} => String
5002
+ # * {Types::GetConfigurationPolicyResponse#name #name} => String
5003
+ # * {Types::GetConfigurationPolicyResponse#description #description} => String
5004
+ # * {Types::GetConfigurationPolicyResponse#updated_at #updated_at} => Time
5005
+ # * {Types::GetConfigurationPolicyResponse#created_at #created_at} => Time
5006
+ # * {Types::GetConfigurationPolicyResponse#configuration_policy #configuration_policy} => Types::Policy
5007
+ #
5008
+ #
5009
+ # @example Example: To get details about a configuration policy
5010
+ #
5011
+ # # This operation provides details about the specified configuration policy.
5012
+ #
5013
+ # resp = client.get_configuration_policy({
5014
+ # identifier: "arn:aws:securityhub:us-east-1:123456789012:configuration-policy/a1b2c3d4-5678-90ab-cdef-EXAMPLE11111",
5015
+ # })
5016
+ #
5017
+ # resp.to_h outputs the following:
5018
+ # {
5019
+ # arn: "arn:aws:securityhub:us-east-1:123456789012:configuration-policy/a1b2c3d4-5678-90ab-cdef-EXAMPLE11111",
5020
+ # configuration_policy: {
5021
+ # security_hub: {
5022
+ # enabled_standard_identifiers: [
5023
+ # "arn:aws:securityhub:us-east-1::standards/aws-foundational-security-best-practices/v/1.0.0",
5024
+ # "arn:aws:securityhub:::ruleset/cis-aws-foundations-benchmark/v/1.2.0",
5025
+ # ],
5026
+ # security_controls_configuration: {
5027
+ # disabled_security_control_identifiers: [
5028
+ # "CloudWatch.1",
5029
+ # ],
5030
+ # security_control_custom_parameters: [
5031
+ # {
5032
+ # parameters: {
5033
+ # "daysToExpiration" => {
5034
+ # value: {
5035
+ # integer: 14,
5036
+ # },
5037
+ # value_type: "CUSTOM",
5038
+ # },
5039
+ # },
5040
+ # security_control_id: "ACM.1",
5041
+ # },
5042
+ # ],
5043
+ # },
5044
+ # service_enabled: true,
5045
+ # },
5046
+ # },
5047
+ # created_at: Time.parse("2023-01-11T06:17:17.154Z"),
5048
+ # description: "Configuration policy for testing FSBP and CIS",
5049
+ # id: "a1b2c3d4-5678-90ab-cdef-EXAMPLE11111",
5050
+ # name: "TestConfigurationPolicy",
5051
+ # updated_at: Time.parse("2023-01-11T06:17:17.154Z"),
5052
+ # }
5053
+ #
5054
+ # @example Request syntax with placeholder values
5055
+ #
5056
+ # resp = client.get_configuration_policy({
5057
+ # identifier: "NonEmptyString", # required
5058
+ # })
5059
+ #
5060
+ # @example Response structure
5061
+ #
5062
+ # resp.arn #=> String
5063
+ # resp.id #=> String
5064
+ # resp.name #=> String
5065
+ # resp.description #=> String
5066
+ # resp.updated_at #=> Time
5067
+ # resp.created_at #=> Time
5068
+ # resp.configuration_policy.security_hub.service_enabled #=> Boolean
5069
+ # resp.configuration_policy.security_hub.enabled_standard_identifiers #=> Array
5070
+ # resp.configuration_policy.security_hub.enabled_standard_identifiers[0] #=> String
5071
+ # resp.configuration_policy.security_hub.security_controls_configuration.enabled_security_control_identifiers #=> Array
5072
+ # resp.configuration_policy.security_hub.security_controls_configuration.enabled_security_control_identifiers[0] #=> String
5073
+ # resp.configuration_policy.security_hub.security_controls_configuration.disabled_security_control_identifiers #=> Array
5074
+ # resp.configuration_policy.security_hub.security_controls_configuration.disabled_security_control_identifiers[0] #=> String
5075
+ # resp.configuration_policy.security_hub.security_controls_configuration.security_control_custom_parameters #=> Array
5076
+ # resp.configuration_policy.security_hub.security_controls_configuration.security_control_custom_parameters[0].security_control_id #=> String
5077
+ # resp.configuration_policy.security_hub.security_controls_configuration.security_control_custom_parameters[0].parameters #=> Hash
5078
+ # resp.configuration_policy.security_hub.security_controls_configuration.security_control_custom_parameters[0].parameters["NonEmptyString"].value_type #=> String, one of "DEFAULT", "CUSTOM"
5079
+ # resp.configuration_policy.security_hub.security_controls_configuration.security_control_custom_parameters[0].parameters["NonEmptyString"].value.integer #=> Integer
5080
+ # resp.configuration_policy.security_hub.security_controls_configuration.security_control_custom_parameters[0].parameters["NonEmptyString"].value.integer_list #=> Array
5081
+ # resp.configuration_policy.security_hub.security_controls_configuration.security_control_custom_parameters[0].parameters["NonEmptyString"].value.integer_list[0] #=> Integer
5082
+ # resp.configuration_policy.security_hub.security_controls_configuration.security_control_custom_parameters[0].parameters["NonEmptyString"].value.double #=> Float
5083
+ # resp.configuration_policy.security_hub.security_controls_configuration.security_control_custom_parameters[0].parameters["NonEmptyString"].value.string #=> String
5084
+ # resp.configuration_policy.security_hub.security_controls_configuration.security_control_custom_parameters[0].parameters["NonEmptyString"].value.string_list #=> Array
5085
+ # resp.configuration_policy.security_hub.security_controls_configuration.security_control_custom_parameters[0].parameters["NonEmptyString"].value.string_list[0] #=> String
5086
+ # resp.configuration_policy.security_hub.security_controls_configuration.security_control_custom_parameters[0].parameters["NonEmptyString"].value.boolean #=> Boolean
5087
+ # resp.configuration_policy.security_hub.security_controls_configuration.security_control_custom_parameters[0].parameters["NonEmptyString"].value.enum #=> String
5088
+ # resp.configuration_policy.security_hub.security_controls_configuration.security_control_custom_parameters[0].parameters["NonEmptyString"].value.enum_list #=> Array
5089
+ # resp.configuration_policy.security_hub.security_controls_configuration.security_control_custom_parameters[0].parameters["NonEmptyString"].value.enum_list[0] #=> String
5090
+ #
5091
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/GetConfigurationPolicy AWS API Documentation
5092
+ #
5093
+ # @overload get_configuration_policy(params = {})
5094
+ # @param [Hash] params ({})
5095
+ def get_configuration_policy(params = {}, options = {})
5096
+ req = build_request(:get_configuration_policy, params)
5097
+ req.send_request(options)
5098
+ end
5099
+
5100
+ # Returns the association between a configuration and a target account,
5101
+ # organizational unit, or the root. The configuration can be a
5102
+ # configuration policy or self-managed behavior. Only the Security Hub
5103
+ # delegated administrator can invoke this operation from the home
5104
+ # Region.
5105
+ #
5106
+ # @option params [required, Types::Target] :target
5107
+ # The target account ID, organizational unit ID, or the root ID to
5108
+ # retrieve the association for.
5109
+ #
5110
+ # @return [Types::GetConfigurationPolicyAssociationResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
5111
+ #
5112
+ # * {Types::GetConfigurationPolicyAssociationResponse#configuration_policy_id #configuration_policy_id} => String
5113
+ # * {Types::GetConfigurationPolicyAssociationResponse#target_id #target_id} => String
5114
+ # * {Types::GetConfigurationPolicyAssociationResponse#target_type #target_type} => String
5115
+ # * {Types::GetConfigurationPolicyAssociationResponse#association_type #association_type} => String
5116
+ # * {Types::GetConfigurationPolicyAssociationResponse#updated_at #updated_at} => Time
5117
+ # * {Types::GetConfigurationPolicyAssociationResponse#association_status #association_status} => String
5118
+ # * {Types::GetConfigurationPolicyAssociationResponse#association_status_message #association_status_message} => String
5119
+ #
5120
+ #
5121
+ # @example Example: To get details about a configuration association
5122
+ #
5123
+ # # This operation provides details about configuration associations for a specific target account, organizational unit, or
5124
+ # # the root.
5125
+ #
5126
+ # resp = client.get_configuration_policy_association({
5127
+ # target: {
5128
+ # account_id: "111122223333",
5129
+ # },
5130
+ # })
5131
+ #
5132
+ # resp.to_h outputs the following:
5133
+ # {
5134
+ # association_status: "FAILED",
5135
+ # association_status_message: "Configuration Policy a1b2c3d4-5678-90ab-cdef-EXAMPLE11111 couldn\u2019t be applied to account 111122223333 in us-east-1 Region. Retry your request.",
5136
+ # association_type: "INHERITED",
5137
+ # configuration_policy_id: "a1b2c3d4-5678-90ab-cdef-EXAMPLE11111",
5138
+ # target_id: "111122223333",
5139
+ # target_type: "ACCOUNT",
5140
+ # updated_at: Time.parse("2023-01-11T06:17:17.154Z"),
5141
+ # }
5142
+ #
5143
+ # @example Request syntax with placeholder values
5144
+ #
5145
+ # resp = client.get_configuration_policy_association({
5146
+ # target: { # required
5147
+ # account_id: "NonEmptyString",
5148
+ # organizational_unit_id: "NonEmptyString",
5149
+ # root_id: "NonEmptyString",
5150
+ # },
5151
+ # })
5152
+ #
5153
+ # @example Response structure
5154
+ #
5155
+ # resp.configuration_policy_id #=> String
5156
+ # resp.target_id #=> String
5157
+ # resp.target_type #=> String, one of "ACCOUNT", "ORGANIZATIONAL_UNIT"
5158
+ # resp.association_type #=> String, one of "INHERITED", "APPLIED"
5159
+ # resp.updated_at #=> Time
5160
+ # resp.association_status #=> String, one of "PENDING", "SUCCESS", "FAILED"
5161
+ # resp.association_status_message #=> String
5162
+ #
5163
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/GetConfigurationPolicyAssociation AWS API Documentation
5164
+ #
5165
+ # @overload get_configuration_policy_association(params = {})
5166
+ # @param [Hash] params ({})
5167
+ def get_configuration_policy_association(params = {}, options = {})
5168
+ req = build_request(:get_configuration_policy_association, params)
5169
+ req.send_request(options)
5170
+ end
5171
+
4495
5172
  # Returns a list of the standards that are currently enabled.
4496
5173
  #
4497
5174
  # @option params [Array<String>] :standards_subscription_arns
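Review bot: The doc comment for `get_configuration_policy_association` never says that a successful call can describe an association that is not in effect. Its own example returns `association_status: "FAILED"` in a normal response, and the response structure lists "PENDING", "SUCCESS" and "FAILED". Callers that use this method to confirm an account or organizational unit is covered by a policy would presumably need to test that field, not just the absence of an exception. I would add two lines to the description: `# The call succeeds even when the association is pending or has failed; check` and `# association_status before treating the configuration as applied.` The method is complete inside this hunk.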
@@ -5009,6 +5686,8 @@ module Aws::SecurityHub
5009
5686
  # gte: 1.0,
5010
5687
  # lte: 1.0,
5011
5688
  # eq: 1.0,
5689
+ # gt: 1.0,
5690
+ # lt: 1.0,
5012
5691
  # },
5013
5692
  # ],
5014
5693
  # severity_normalized: [
@@ -5016,6 +5695,8 @@ module Aws::SecurityHub
5016
5695
  # gte: 1.0,
5017
5696
  # lte: 1.0,
5018
5697
  # eq: 1.0,
5698
+ # gt: 1.0,
5699
+ # lt: 1.0,
5019
5700
  # },
5020
5701
  # ],
5021
5702
  # severity_label: [
@@ -5029,6 +5710,8 @@ module Aws::SecurityHub
5029
5710
  # gte: 1.0,
5030
5711
  # lte: 1.0,
5031
5712
  # eq: 1.0,
5713
+ # gt: 1.0,
5714
+ # lt: 1.0,
5032
5715
  # },
5033
5716
  # ],
5034
5717
  # criticality: [
@@ -5036,6 +5719,8 @@ module Aws::SecurityHub
5036
5719
  # gte: 1.0,
5037
5720
  # lte: 1.0,
5038
5721
  # eq: 1.0,
5722
+ # gt: 1.0,
5723
+ # lt: 1.0,
5039
5724
  # },
5040
5725
  # ],
5041
5726
  # title: [
@@ -5139,6 +5824,8 @@ module Aws::SecurityHub
5139
5824
  # gte: 1.0,
5140
5825
  # lte: 1.0,
5141
5826
  # eq: 1.0,
5827
+ # gt: 1.0,
5828
+ # lt: 1.0,
5142
5829
  # },
5143
5830
  # ],
5144
5831
  # network_source_domain: [
@@ -5168,6 +5855,8 @@ module Aws::SecurityHub
5168
5855
  # gte: 1.0,
5169
5856
  # lte: 1.0,
5170
5857
  # eq: 1.0,
5858
+ # gt: 1.0,
5859
+ # lt: 1.0,
5171
5860
  # },
5172
5861
  # ],
5173
5862
  # network_destination_domain: [
@@ -5193,6 +5882,8 @@ module Aws::SecurityHub
5193
5882
  # gte: 1.0,
5194
5883
  # lte: 1.0,
5195
5884
  # eq: 1.0,
5885
+ # gt: 1.0,
5886
+ # lt: 1.0,
5196
5887
  # },
5197
5888
  # ],
5198
5889
  # process_parent_pid: [
@@ -5200,6 +5891,8 @@ module Aws::SecurityHub
5200
5891
  # gte: 1.0,
5201
5892
  # lte: 1.0,
5202
5893
  # eq: 1.0,
5894
+ # gt: 1.0,
5895
+ # lt: 1.0,
5203
5896
  # },
5204
5897
  # ],
5205
5898
  # process_launched_at: [
@@ -5504,6 +6197,8 @@ module Aws::SecurityHub
5504
6197
  # gte: 1.0,
5505
6198
  # lte: 1.0,
5506
6199
  # eq: 1.0,
6200
+ # gt: 1.0,
6201
+ # lt: 1.0,
5507
6202
  # },
5508
6203
  # ],
5509
6204
  # finding_provider_fields_criticality: [
@@ -5511,6 +6206,8 @@ module Aws::SecurityHub
5511
6206
  # gte: 1.0,
5512
6207
  # lte: 1.0,
5513
6208
  # eq: 1.0,
6209
+ # gt: 1.0,
6210
+ # lt: 1.0,
5514
6211
  # },
5515
6212
  # ],
5516
6213
  # finding_provider_fields_related_findings_id: [
@@ -5560,7 +6257,49 @@ module Aws::SecurityHub
5560
6257
  # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS
5561
6258
  # },
5562
6259
  # ],
5563
- # },
6260
+ # vulnerabilities_exploit_available: [
6261
+ # {
6262
+ # value: "NonEmptyString",
6263
+ # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS
6264
+ # },
6265
+ # ],
6266
+ # vulnerabilities_fix_available: [
6267
+ # {
6268
+ # value: "NonEmptyString",
6269
+ # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS
6270
+ # },
6271
+ # ],
6272
+ # compliance_security_control_parameters_name: [
6273
+ # {
6274
+ # value: "NonEmptyString",
6275
+ # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS
6276
+ # },
6277
+ # ],
6278
+ # compliance_security_control_parameters_value: [
6279
+ # {
6280
+ # value: "NonEmptyString",
6281
+ # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS
6282
+ # },
6283
+ # ],
6284
+ # aws_account_name: [
6285
+ # {
6286
+ # value: "NonEmptyString",
6287
+ # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS
6288
+ # },
6289
+ # ],
6290
+ # resource_application_name: [
6291
+ # {
6292
+ # value: "NonEmptyString",
6293
+ # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS
6294
+ # },
6295
+ # ],
6296
+ # resource_application_arn: [
6297
+ # {
6298
+ # value: "NonEmptyString",
6299
+ # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS
6300
+ # },
6301
+ # ],
6302
+ # },
5564
6303
  # sort_criteria: [
5565
6304
  # {
5566
6305
  # field: "NonEmptyString",
@@ -5756,10 +6495,14 @@ module Aws::SecurityHub
5756
6495
  # resp.insights[0].filters.severity_product[0].gte #=> Float
5757
6496
  # resp.insights[0].filters.severity_product[0].lte #=> Float
5758
6497
  # resp.insights[0].filters.severity_product[0].eq #=> Float
6498
+ # resp.insights[0].filters.severity_product[0].gt #=> Float
6499
+ # resp.insights[0].filters.severity_product[0].lt #=> Float
5759
6500
  # resp.insights[0].filters.severity_normalized #=> Array
5760
6501
  # resp.insights[0].filters.severity_normalized[0].gte #=> Float
5761
6502
  # resp.insights[0].filters.severity_normalized[0].lte #=> Float
5762
6503
  # resp.insights[0].filters.severity_normalized[0].eq #=> Float
6504
+ # resp.insights[0].filters.severity_normalized[0].gt #=> Float
6505
+ # resp.insights[0].filters.severity_normalized[0].lt #=> Float
5763
6506
  # resp.insights[0].filters.severity_label #=> Array
5764
6507
  # resp.insights[0].filters.severity_label[0].value #=> String
5765
6508
  # resp.insights[0].filters.severity_label[0].comparison #=> String, one of "EQUALS", "PREFIX", "NOT_EQUALS", "PREFIX_NOT_EQUALS", "CONTAINS", "NOT_CONTAINS"
@@ -5767,10 +6510,14 @@ module Aws::SecurityHub
5767
6510
  # resp.insights[0].filters.confidence[0].gte #=> Float
5768
6511
  # resp.insights[0].filters.confidence[0].lte #=> Float
5769
6512
  # resp.insights[0].filters.confidence[0].eq #=> Float
6513
+ # resp.insights[0].filters.confidence[0].gt #=> Float
6514
+ # resp.insights[0].filters.confidence[0].lt #=> Float
5770
6515
  # resp.insights[0].filters.criticality #=> Array
5771
6516
  # resp.insights[0].filters.criticality[0].gte #=> Float
5772
6517
  # resp.insights[0].filters.criticality[0].lte #=> Float
5773
6518
  # resp.insights[0].filters.criticality[0].eq #=> Float
6519
+ # resp.insights[0].filters.criticality[0].gt #=> Float
6520
+ # resp.insights[0].filters.criticality[0].lt #=> Float
5774
6521
  # resp.insights[0].filters.title #=> Array
5775
6522
  # resp.insights[0].filters.title[0].value #=> String
5776
6523
  # resp.insights[0].filters.title[0].comparison #=> String, one of "EQUALS", "PREFIX", "NOT_EQUALS", "PREFIX_NOT_EQUALS", "CONTAINS", "NOT_CONTAINS"
@@ -5823,6 +6570,8 @@ module Aws::SecurityHub
5823
6570
  # resp.insights[0].filters.network_source_port[0].gte #=> Float
5824
6571
  # resp.insights[0].filters.network_source_port[0].lte #=> Float
5825
6572
  # resp.insights[0].filters.network_source_port[0].eq #=> Float
6573
+ # resp.insights[0].filters.network_source_port[0].gt #=> Float
6574
+ # resp.insights[0].filters.network_source_port[0].lt #=> Float
5826
6575
  # resp.insights[0].filters.network_source_domain #=> Array
5827
6576
  # resp.insights[0].filters.network_source_domain[0].value #=> String
5828
6577
  # resp.insights[0].filters.network_source_domain[0].comparison #=> String, one of "EQUALS", "PREFIX", "NOT_EQUALS", "PREFIX_NOT_EQUALS", "CONTAINS", "NOT_CONTAINS"
@@ -5837,6 +6586,8 @@ module Aws::SecurityHub
5837
6586
  # resp.insights[0].filters.network_destination_port[0].gte #=> Float
5838
6587
  # resp.insights[0].filters.network_destination_port[0].lte #=> Float
5839
6588
  # resp.insights[0].filters.network_destination_port[0].eq #=> Float
6589
+ # resp.insights[0].filters.network_destination_port[0].gt #=> Float
6590
+ # resp.insights[0].filters.network_destination_port[0].lt #=> Float
5840
6591
  # resp.insights[0].filters.network_destination_domain #=> Array
5841
6592
  # resp.insights[0].filters.network_destination_domain[0].value #=> String
5842
6593
  # resp.insights[0].filters.network_destination_domain[0].comparison #=> String, one of "EQUALS", "PREFIX", "NOT_EQUALS", "PREFIX_NOT_EQUALS", "CONTAINS", "NOT_CONTAINS"
@@ -5850,10 +6601,14 @@ module Aws::SecurityHub
5850
6601
  # resp.insights[0].filters.process_pid[0].gte #=> Float
5851
6602
  # resp.insights[0].filters.process_pid[0].lte #=> Float
5852
6603
  # resp.insights[0].filters.process_pid[0].eq #=> Float
6604
+ # resp.insights[0].filters.process_pid[0].gt #=> Float
6605
+ # resp.insights[0].filters.process_pid[0].lt #=> Float
5853
6606
  # resp.insights[0].filters.process_parent_pid #=> Array
5854
6607
  # resp.insights[0].filters.process_parent_pid[0].gte #=> Float
5855
6608
  # resp.insights[0].filters.process_parent_pid[0].lte #=> Float
5856
6609
  # resp.insights[0].filters.process_parent_pid[0].eq #=> Float
6610
+ # resp.insights[0].filters.process_parent_pid[0].gt #=> Float
6611
+ # resp.insights[0].filters.process_parent_pid[0].lt #=> Float
5857
6612
  # resp.insights[0].filters.process_launched_at #=> Array
5858
6613
  # resp.insights[0].filters.process_launched_at[0].start #=> String
5859
6614
  # resp.insights[0].filters.process_launched_at[0].end #=> String
@@ -6006,10 +6761,14 @@ module Aws::SecurityHub
6006
6761
  # resp.insights[0].filters.finding_provider_fields_confidence[0].gte #=> Float
6007
6762
  # resp.insights[0].filters.finding_provider_fields_confidence[0].lte #=> Float
6008
6763
  # resp.insights[0].filters.finding_provider_fields_confidence[0].eq #=> Float
6764
+ # resp.insights[0].filters.finding_provider_fields_confidence[0].gt #=> Float
6765
+ # resp.insights[0].filters.finding_provider_fields_confidence[0].lt #=> Float
6009
6766
  # resp.insights[0].filters.finding_provider_fields_criticality #=> Array
6010
6767
  # resp.insights[0].filters.finding_provider_fields_criticality[0].gte #=> Float
6011
6768
  # resp.insights[0].filters.finding_provider_fields_criticality[0].lte #=> Float
6012
6769
  # resp.insights[0].filters.finding_provider_fields_criticality[0].eq #=> Float
6770
+ # resp.insights[0].filters.finding_provider_fields_criticality[0].gt #=> Float
6771
+ # resp.insights[0].filters.finding_provider_fields_criticality[0].lt #=> Float
6013
6772
  # resp.insights[0].filters.finding_provider_fields_related_findings_id #=> Array
6014
6773
  # resp.insights[0].filters.finding_provider_fields_related_findings_id[0].value #=> String
6015
6774
  # resp.insights[0].filters.finding_provider_fields_related_findings_id[0].comparison #=> String, one of "EQUALS", "PREFIX", "NOT_EQUALS", "PREFIX_NOT_EQUALS", "CONTAINS", "NOT_CONTAINS"
@@ -6033,6 +6792,27 @@ module Aws::SecurityHub
6033
6792
  # resp.insights[0].filters.compliance_associated_standards_id #=> Array
6034
6793
  # resp.insights[0].filters.compliance_associated_standards_id[0].value #=> String
6035
6794
  # resp.insights[0].filters.compliance_associated_standards_id[0].comparison #=> String, one of "EQUALS", "PREFIX", "NOT_EQUALS", "PREFIX_NOT_EQUALS", "CONTAINS", "NOT_CONTAINS"
6795
+ # resp.insights[0].filters.vulnerabilities_exploit_available #=> Array
6796
+ # resp.insights[0].filters.vulnerabilities_exploit_available[0].value #=> String
6797
+ # resp.insights[0].filters.vulnerabilities_exploit_available[0].comparison #=> String, one of "EQUALS", "PREFIX", "NOT_EQUALS", "PREFIX_NOT_EQUALS", "CONTAINS", "NOT_CONTAINS"
6798
+ # resp.insights[0].filters.vulnerabilities_fix_available #=> Array
6799
+ # resp.insights[0].filters.vulnerabilities_fix_available[0].value #=> String
6800
+ # resp.insights[0].filters.vulnerabilities_fix_available[0].comparison #=> String, one of "EQUALS", "PREFIX", "NOT_EQUALS", "PREFIX_NOT_EQUALS", "CONTAINS", "NOT_CONTAINS"
6801
+ # resp.insights[0].filters.compliance_security_control_parameters_name #=> Array
6802
+ # resp.insights[0].filters.compliance_security_control_parameters_name[0].value #=> String
6803
+ # resp.insights[0].filters.compliance_security_control_parameters_name[0].comparison #=> String, one of "EQUALS", "PREFIX", "NOT_EQUALS", "PREFIX_NOT_EQUALS", "CONTAINS", "NOT_CONTAINS"
6804
+ # resp.insights[0].filters.compliance_security_control_parameters_value #=> Array
6805
+ # resp.insights[0].filters.compliance_security_control_parameters_value[0].value #=> String
6806
+ # resp.insights[0].filters.compliance_security_control_parameters_value[0].comparison #=> String, one of "EQUALS", "PREFIX", "NOT_EQUALS", "PREFIX_NOT_EQUALS", "CONTAINS", "NOT_CONTAINS"
6807
+ # resp.insights[0].filters.aws_account_name #=> Array
6808
+ # resp.insights[0].filters.aws_account_name[0].value #=> String
6809
+ # resp.insights[0].filters.aws_account_name[0].comparison #=> String, one of "EQUALS", "PREFIX", "NOT_EQUALS", "PREFIX_NOT_EQUALS", "CONTAINS", "NOT_CONTAINS"
6810
+ # resp.insights[0].filters.resource_application_name #=> Array
6811
+ # resp.insights[0].filters.resource_application_name[0].value #=> String
6812
+ # resp.insights[0].filters.resource_application_name[0].comparison #=> String, one of "EQUALS", "PREFIX", "NOT_EQUALS", "PREFIX_NOT_EQUALS", "CONTAINS", "NOT_CONTAINS"
6813
+ # resp.insights[0].filters.resource_application_arn #=> Array
6814
+ # resp.insights[0].filters.resource_application_arn[0].value #=> String
6815
+ # resp.insights[0].filters.resource_application_arn[0].comparison #=> String, one of "EQUALS", "PREFIX", "NOT_EQUALS", "PREFIX_NOT_EQUALS", "CONTAINS", "NOT_CONTAINS"
6036
6816
  # resp.insights[0].group_by_attribute #=> String
6037
6817
  # resp.next_token #=> String
6038
6818
  #
@@ -6201,6 +6981,107 @@ module Aws::SecurityHub
6201
6981
  req.send_request(options)
6202
6982
  end
6203
6983
 
6984
+ # Retrieves the definition of a security control. The definition
6985
+ # includes the control title, description, Region availability,
6986
+ # parameter definitions, and other details.
6987
+ #
6988
+ # @option params [required, String] :security_control_id
6989
+ # The ID of the security control to retrieve the definition for. This
6990
+ # field doesn’t accept an Amazon Resource Name (ARN).
6991
+ #
6992
+ # @return [Types::GetSecurityControlDefinitionResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
6993
+ #
6994
+ # * {Types::GetSecurityControlDefinitionResponse#security_control_definition #security_control_definition} => Types::SecurityControlDefinition
6995
+ #
6996
+ #
6997
+ # @example Example: To get the definition of a security control.
6998
+ #
6999
+ # # The following example retrieves definition details for the specified security control.
7000
+ #
7001
+ # resp = client.get_security_control_definition({
7002
+ # security_control_id: "EC2.4",
7003
+ # })
7004
+ #
7005
+ # resp.to_h outputs the following:
7006
+ # {
7007
+ # security_control_definition: {
7008
+ # current_region_availability: "AVAILABLE",
7009
+ # description: "This control checks whether an Amazon EC2 instance has been stopped for longer than the allowed number of days. The control fails if an EC2 instance is stopped for longer than the maximum allowed time period. Unless you provide a custom parameter value for the maximum allowed time period, Security Hub uses a default value of 30 days.",
7010
+ # parameter_definitions: {
7011
+ # "AllowedDays" => {
7012
+ # configuration_options: {
7013
+ # integer: {
7014
+ # default_value: 30,
7015
+ # max: 365,
7016
+ # min: 1,
7017
+ # },
7018
+ # },
7019
+ # description: "Number of days the EC2 instance is allowed to be in a stopped state before generating a failed finding",
7020
+ # },
7021
+ # },
7022
+ # remediation_url: "https://docs.aws.amazon.com/console/securityhub/EC2.4/remediation",
7023
+ # security_control_id: "EC2.4",
7024
+ # severity_rating: "MEDIUM",
7025
+ # title: "Stopped Amazon EC2 instances should be removed after a specified time period",
7026
+ # },
7027
+ # }
7028
+ #
7029
+ # @example Request syntax with placeholder values
7030
+ #
7031
+ # resp = client.get_security_control_definition({
7032
+ # security_control_id: "NonEmptyString", # required
7033
+ # })
7034
+ #
7035
+ # @example Response structure
7036
+ #
7037
+ # resp.security_control_definition.security_control_id #=> String
7038
+ # resp.security_control_definition.title #=> String
7039
+ # resp.security_control_definition.description #=> String
7040
+ # resp.security_control_definition.remediation_url #=> String
7041
+ # resp.security_control_definition.severity_rating #=> String, one of "LOW", "MEDIUM", "HIGH", "CRITICAL"
7042
+ # resp.security_control_definition.current_region_availability #=> String, one of "AVAILABLE", "UNAVAILABLE"
7043
+ # resp.security_control_definition.customizable_properties #=> Array
7044
+ # resp.security_control_definition.customizable_properties[0] #=> String, one of "Parameters"
7045
+ # resp.security_control_definition.parameter_definitions #=> Hash
7046
+ # resp.security_control_definition.parameter_definitions["NonEmptyString"].description #=> String
7047
+ # resp.security_control_definition.parameter_definitions["NonEmptyString"].configuration_options.integer.default_value #=> Integer
7048
+ # resp.security_control_definition.parameter_definitions["NonEmptyString"].configuration_options.integer.min #=> Integer
7049
+ # resp.security_control_definition.parameter_definitions["NonEmptyString"].configuration_options.integer.max #=> Integer
7050
+ # resp.security_control_definition.parameter_definitions["NonEmptyString"].configuration_options.integer_list.default_value #=> Array
7051
+ # resp.security_control_definition.parameter_definitions["NonEmptyString"].configuration_options.integer_list.default_value[0] #=> Integer
7052
+ # resp.security_control_definition.parameter_definitions["NonEmptyString"].configuration_options.integer_list.min #=> Integer
7053
+ # resp.security_control_definition.parameter_definitions["NonEmptyString"].configuration_options.integer_list.max #=> Integer
7054
+ # resp.security_control_definition.parameter_definitions["NonEmptyString"].configuration_options.integer_list.max_items #=> Integer
7055
+ # resp.security_control_definition.parameter_definitions["NonEmptyString"].configuration_options.double.default_value #=> Float
7056
+ # resp.security_control_definition.parameter_definitions["NonEmptyString"].configuration_options.double.min #=> Float
7057
+ # resp.security_control_definition.parameter_definitions["NonEmptyString"].configuration_options.double.max #=> Float
7058
+ # resp.security_control_definition.parameter_definitions["NonEmptyString"].configuration_options.string.default_value #=> String
7059
+ # resp.security_control_definition.parameter_definitions["NonEmptyString"].configuration_options.string.re_2_expression #=> String
7060
+ # resp.security_control_definition.parameter_definitions["NonEmptyString"].configuration_options.string.expression_description #=> String
7061
+ # resp.security_control_definition.parameter_definitions["NonEmptyString"].configuration_options.string_list.default_value #=> Array
7062
+ # resp.security_control_definition.parameter_definitions["NonEmptyString"].configuration_options.string_list.default_value[0] #=> String
7063
+ # resp.security_control_definition.parameter_definitions["NonEmptyString"].configuration_options.string_list.re_2_expression #=> String
7064
+ # resp.security_control_definition.parameter_definitions["NonEmptyString"].configuration_options.string_list.max_items #=> Integer
7065
+ # resp.security_control_definition.parameter_definitions["NonEmptyString"].configuration_options.string_list.expression_description #=> String
7066
+ # resp.security_control_definition.parameter_definitions["NonEmptyString"].configuration_options.boolean.default_value #=> Boolean
7067
+ # resp.security_control_definition.parameter_definitions["NonEmptyString"].configuration_options.enum.default_value #=> String
7068
+ # resp.security_control_definition.parameter_definitions["NonEmptyString"].configuration_options.enum.allowed_values #=> Array
7069
+ # resp.security_control_definition.parameter_definitions["NonEmptyString"].configuration_options.enum.allowed_values[0] #=> String
7070
+ # resp.security_control_definition.parameter_definitions["NonEmptyString"].configuration_options.enum_list.default_value #=> Array
7071
+ # resp.security_control_definition.parameter_definitions["NonEmptyString"].configuration_options.enum_list.default_value[0] #=> String
7072
+ # resp.security_control_definition.parameter_definitions["NonEmptyString"].configuration_options.enum_list.max_items #=> Integer
7073
+ # resp.security_control_definition.parameter_definitions["NonEmptyString"].configuration_options.enum_list.allowed_values #=> Array
7074
+ # resp.security_control_definition.parameter_definitions["NonEmptyString"].configuration_options.enum_list.allowed_values[0] #=> String
7075
+ #
7076
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/GetSecurityControlDefinition AWS API Documentation
7077
+ #
7078
+ # @overload get_security_control_definition(params = {})
7079
+ # @param [Hash] params ({})
7080
+ def get_security_control_definition(params = {}, options = {})
7081
+ req = build_request(:get_security_control_definition, params)
7082
+ req.send_request(options)
7083
+ end
7084
+
6204
7085
  # Invites other Amazon Web Services accounts to become member accounts
6205
7086
  # for the Security Hub administrator account that the invitation is sent
6206
7087
  # from.
@@ -6349,6 +7230,185 @@ module Aws::SecurityHub
6349
7230
  req.send_request(options)
6350
7231
  end
6351
7232
 
7233
+ # Lists the configuration policies that the Security Hub delegated
7234
+ # administrator has created for your organization. Only the delegated
7235
+ # administrator can invoke this operation from the home Region.
7236
+ #
7237
+ # @option params [String] :next_token
7238
+ # The NextToken value that's returned from a previous paginated
7239
+ # `ListConfigurationPolicies` request where `MaxResults` was used but
7240
+ # the results exceeded the value of that parameter. Pagination continues
7241
+ # from the `MaxResults` was used but the results exceeded the value of
7242
+ # that parameter. Pagination continues from the end of the previous
7243
+ # response that returned the `NextToken` value. This value is `null`
7244
+ # when there are no more results to return.
7245
+ #
7246
+ # @option params [Integer] :max_results
7247
+ # The maximum number of results that's returned by
7248
+ # `ListConfigurationPolicies` in each page of the response. When this
7249
+ # parameter is used, `ListConfigurationPolicies` returns the specified
7250
+ # number of results in a single page and a `NextToken` response element.
7251
+ # You can see the remaining results of the initial request by sending
7252
+ # another `ListConfigurationPolicies` request with the returned
7253
+ # `NextToken` value. A valid range for `MaxResults` is between 1 and
7254
+ # 100.
7255
+ #
7256
+ # @return [Types::ListConfigurationPoliciesResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
7257
+ #
7258
+ # * {Types::ListConfigurationPoliciesResponse#configuration_policy_summaries #configuration_policy_summaries} => Array&lt;Types::ConfigurationPolicySummary&gt;
7259
+ # * {Types::ListConfigurationPoliciesResponse#next_token #next_token} => String
7260
+ #
7261
+ # The returned {Seahorse::Client::Response response} is a pageable response and is Enumerable. For details on usage see {Aws::PageableResponse PageableResponse}.
7262
+ #
7263
+ #
7264
+ # @example Example: To view a list of configuration policies
7265
+ #
7266
+ # # This operation provides a list of your configuration policies, including metadata for each policy.
7267
+ #
7268
+ # resp = client.list_configuration_policies({
7269
+ # max_results: 1,
7270
+ # next_token: "U1FsdGVkX19nBV2zoh+Gou9NgnulLJHWpn9xnG4hqSOhvw3o2JqjI86QDxdf",
7271
+ # })
7272
+ #
7273
+ # resp.to_h outputs the following:
7274
+ # {
7275
+ # configuration_policy_summaries: [
7276
+ # {
7277
+ # arn: "arn:aws:securityhub:us-east-1:123456789012:configuration-policy/a1b2c3d4-5678-90ab-cdef-EXAMPLE11111",
7278
+ # description: "Configuration policy for testing FSBP and CIS",
7279
+ # id: "a1b2c3d4-5678-90ab-cdef-EXAMPLE11111",
7280
+ # name: "TestConfigurationPolicy",
7281
+ # service_enabled: true,
7282
+ # updated_at: Time.parse("2023-01-11T06:17:17.154Z"),
7283
+ # },
7284
+ # ],
7285
+ # next_token: "U1FsdGVkX19nBV2zoh+Gou9NgnulLJHWpn9xnG4hqSOfvw3o2JqjI86QDxef",
7286
+ # }
7287
+ #
7288
+ # @example Request syntax with placeholder values
7289
+ #
7290
+ # resp = client.list_configuration_policies({
7291
+ # next_token: "NextToken",
7292
+ # max_results: 1,
7293
+ # })
7294
+ #
7295
+ # @example Response structure
7296
+ #
7297
+ # resp.configuration_policy_summaries #=> Array
7298
+ # resp.configuration_policy_summaries[0].arn #=> String
7299
+ # resp.configuration_policy_summaries[0].id #=> String
7300
+ # resp.configuration_policy_summaries[0].name #=> String
7301
+ # resp.configuration_policy_summaries[0].description #=> String
7302
+ # resp.configuration_policy_summaries[0].updated_at #=> Time
7303
+ # resp.configuration_policy_summaries[0].service_enabled #=> Boolean
7304
+ # resp.next_token #=> String
7305
+ #
7306
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/ListConfigurationPolicies AWS API Documentation
7307
+ #
7308
+ # @overload list_configuration_policies(params = {})
7309
+ # @param [Hash] params ({})
7310
+ def list_configuration_policies(params = {}, options = {})
7311
+ req = build_request(:list_configuration_policies, params)
7312
+ req.send_request(options)
7313
+ end
7314
+
7315
+ # Provides information about the associations for your configuration
7316
+ # policies and self-managed behavior. Only the Security Hub delegated
7317
+ # administrator can invoke this operation from the home Region.
7318
+ #
7319
+ # @option params [String] :next_token
7320
+ # The `NextToken` value that's returned from a previous paginated
7321
+ # `ListConfigurationPolicyAssociations` request where `MaxResults` was
7322
+ # used but the results exceeded the value of that parameter. Pagination
7323
+ # continues from the end of the previous response that returned the
7324
+ # `NextToken` value. This value is `null` when there are no more results
7325
+ # to return.
7326
+ #
7327
+ # @option params [Integer] :max_results
7328
+ # The maximum number of results that's returned by
7329
+ # `ListConfigurationPolicies` in each page of the response. When this
7330
+ # parameter is used, `ListConfigurationPolicyAssociations` returns the
7331
+ # specified number of results in a single page and a `NextToken`
7332
+ # response element. You can see the remaining results of the initial
7333
+ # request by sending another `ListConfigurationPolicyAssociations`
7334
+ # request with the returned `NextToken` value. A valid range for
7335
+ # `MaxResults` is between 1 and 100.
7336
+ #
7337
+ # @option params [Types::AssociationFilters] :filters
7338
+ # Options for filtering the `ListConfigurationPolicyAssociations`
7339
+ # response. You can filter by the Amazon Resource Name (ARN) or
7340
+ # universally unique identifier (UUID) of a configuration,
7341
+ # `AssociationType`, or `AssociationStatus`.
7342
+ #
7343
+ # @return [Types::ListConfigurationPolicyAssociationsResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
7344
+ #
7345
+ # * {Types::ListConfigurationPolicyAssociationsResponse#configuration_policy_association_summaries #configuration_policy_association_summaries} => Array&lt;Types::ConfigurationPolicyAssociationSummary&gt;
7346
+ # * {Types::ListConfigurationPolicyAssociationsResponse#next_token #next_token} => String
7347
+ #
7348
+ # The returned {Seahorse::Client::Response response} is a pageable response and is Enumerable. For details on usage see {Aws::PageableResponse PageableResponse}.
7349
+ #
7350
+ #
7351
+ # @example Example: To list configuration associations
7352
+ #
7353
+ # # This operation lists all of the associations between targets and configuration policies or self-managed behavior.
7354
+ # # Targets can include accounts, organizational units, or the root.
7355
+ #
7356
+ # resp = client.list_configuration_policy_associations({
7357
+ # filters: {
7358
+ # association_type: "APPLIED",
7359
+ # },
7360
+ # max_results: 1,
7361
+ # next_token: "U1FsdGVkX19nBV2zoh+Gou9NgnulLJHWpn9xnG4hqSOhvw3o2JqjI86QDxdf",
7362
+ # })
7363
+ #
7364
+ # resp.to_h outputs the following:
7365
+ # {
7366
+ # configuration_policy_association_summaries: [
7367
+ # {
7368
+ # association_status: "PENDING",
7369
+ # association_type: "APPLIED",
7370
+ # configuration_policy_id: "a1b2c3d4-5678-90ab-cdef-EXAMPLE11111",
7371
+ # target_id: "123456789012",
7372
+ # target_type: "ACCOUNT",
7373
+ # updated_at: Time.parse("2023-01-11T06:17:17.154Z"),
7374
+ # },
7375
+ # ],
7376
+ # next_token: "U1FsdGVkX19nBV2zoh+Gou9NgnulLJHWpn9xnG4hqSOfvw3o2JqjI86QDxef",
7377
+ # }
7378
+ #
7379
+ # @example Request syntax with placeholder values
7380
+ #
7381
+ # resp = client.list_configuration_policy_associations({
7382
+ # next_token: "NextToken",
7383
+ # max_results: 1,
7384
+ # filters: {
7385
+ # configuration_policy_id: "NonEmptyString",
7386
+ # association_type: "INHERITED", # accepts INHERITED, APPLIED
7387
+ # association_status: "PENDING", # accepts PENDING, SUCCESS, FAILED
7388
+ # },
7389
+ # })
7390
+ #
7391
+ # @example Response structure
7392
+ #
7393
+ # resp.configuration_policy_association_summaries #=> Array
7394
+ # resp.configuration_policy_association_summaries[0].configuration_policy_id #=> String
7395
+ # resp.configuration_policy_association_summaries[0].target_id #=> String
7396
+ # resp.configuration_policy_association_summaries[0].target_type #=> String, one of "ACCOUNT", "ORGANIZATIONAL_UNIT"
7397
+ # resp.configuration_policy_association_summaries[0].association_type #=> String, one of "INHERITED", "APPLIED"
7398
+ # resp.configuration_policy_association_summaries[0].updated_at #=> Time
7399
+ # resp.configuration_policy_association_summaries[0].association_status #=> String, one of "PENDING", "SUCCESS", "FAILED"
7400
+ # resp.configuration_policy_association_summaries[0].association_status_message #=> String
7401
+ # resp.next_token #=> String
7402
+ #
7403
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/ListConfigurationPolicyAssociations AWS API Documentation
7404
+ #
7405
+ # @overload list_configuration_policy_associations(params = {})
7406
+ # @param [Hash] params ({})
7407
+ def list_configuration_policy_associations(params = {}, options = {})
7408
+ req = build_request(:list_configuration_policy_associations, params)
7409
+ req.send_request(options)
7410
+ end
7411
+
6352
7412
  # Lists all findings-generating solutions (products) that you are
6353
7413
  # subscribed to receive findings from in Security Hub.
6354
7414
  #
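Review bot: Two of the added doc comments in this hunk are wrong as written. In `list_configuration_policies`, the `:next_token` text repeats a clause mid-sentence ("Pagination continues from the `MaxResults` was used but the results exceeded the value of that parameter."); it should match the sibling method: "... exceeded the value of that parameter. Pagination continues from the end of the previous response that returned the `NextToken` value." In `list_configuration_policy_associations`, the `:max_results` text opens with "returned by `ListConfigurationPolicies`" and should name `ListConfigurationPolicyAssociations`. If this file is generated from the service model, as its layout suggests, the correction belongs in the model, not in a hand edit here.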
@@ -6742,6 +7802,9 @@ module Aws::SecurityHub
6742
7802
  # security_control_definitions: [
6743
7803
  # {
6744
7804
  # current_region_availability: "AVAILABLE",
7805
+ # customizable_properties: [
7806
+ # "Parameters",
7807
+ # ],
6745
7808
  # description: "This AWS control checks whether ACM Certificates in your account are marked for expiration within a specified time period. Certificates provided by ACM are automatically renewed. ACM does not automatically renew certificates that you import.",
6746
7809
  # remediation_url: "https://docs.aws.amazon.com/console/securityhub/ACM.1/remediation",
6747
7810
  # security_control_id: "ACM.1",
@@ -6750,6 +7813,9 @@ module Aws::SecurityHub
6750
7813
  # },
6751
7814
  # {
6752
7815
  # current_region_availability: "AVAILABLE",
7816
+ # customizable_properties: [
7817
+ # "Parameters",
7818
+ # ],
6753
7819
  # description: "This control checks whether all stages of Amazon API Gateway REST and WebSocket APIs have logging enabled. The control fails if logging is not enabled for all methods of a stage or if loggingLevel is neither ERROR nor INFO.",
6754
7820
  # remediation_url: "https://docs.aws.amazon.com/console/securityhub/APIGateway.1/remediation",
6755
7821
  # security_control_id: "APIGateway.1",
@@ -6784,6 +7850,38 @@ module Aws::SecurityHub
6784
7850
  # resp.security_control_definitions[0].remediation_url #=> String
6785
7851
  # resp.security_control_definitions[0].severity_rating #=> String, one of "LOW", "MEDIUM", "HIGH", "CRITICAL"
6786
7852
  # resp.security_control_definitions[0].current_region_availability #=> String, one of "AVAILABLE", "UNAVAILABLE"
7853
+ # resp.security_control_definitions[0].customizable_properties #=> Array
7854
+ # resp.security_control_definitions[0].customizable_properties[0] #=> String, one of "Parameters"
7855
+ # resp.security_control_definitions[0].parameter_definitions #=> Hash
7856
+ # resp.security_control_definitions[0].parameter_definitions["NonEmptyString"].description #=> String
7857
+ # resp.security_control_definitions[0].parameter_definitions["NonEmptyString"].configuration_options.integer.default_value #=> Integer
7858
+ # resp.security_control_definitions[0].parameter_definitions["NonEmptyString"].configuration_options.integer.min #=> Integer
7859
+ # resp.security_control_definitions[0].parameter_definitions["NonEmptyString"].configuration_options.integer.max #=> Integer
7860
+ # resp.security_control_definitions[0].parameter_definitions["NonEmptyString"].configuration_options.integer_list.default_value #=> Array
7861
+ # resp.security_control_definitions[0].parameter_definitions["NonEmptyString"].configuration_options.integer_list.default_value[0] #=> Integer
7862
+ # resp.security_control_definitions[0].parameter_definitions["NonEmptyString"].configuration_options.integer_list.min #=> Integer
7863
+ # resp.security_control_definitions[0].parameter_definitions["NonEmptyString"].configuration_options.integer_list.max #=> Integer
7864
+ # resp.security_control_definitions[0].parameter_definitions["NonEmptyString"].configuration_options.integer_list.max_items #=> Integer
7865
+ # resp.security_control_definitions[0].parameter_definitions["NonEmptyString"].configuration_options.double.default_value #=> Float
7866
+ # resp.security_control_definitions[0].parameter_definitions["NonEmptyString"].configuration_options.double.min #=> Float
7867
+ # resp.security_control_definitions[0].parameter_definitions["NonEmptyString"].configuration_options.double.max #=> Float
7868
+ # resp.security_control_definitions[0].parameter_definitions["NonEmptyString"].configuration_options.string.default_value #=> String
7869
+ # resp.security_control_definitions[0].parameter_definitions["NonEmptyString"].configuration_options.string.re_2_expression #=> String
7870
+ # resp.security_control_definitions[0].parameter_definitions["NonEmptyString"].configuration_options.string.expression_description #=> String
7871
+ # resp.security_control_definitions[0].parameter_definitions["NonEmptyString"].configuration_options.string_list.default_value #=> Array
7872
+ # resp.security_control_definitions[0].parameter_definitions["NonEmptyString"].configuration_options.string_list.default_value[0] #=> String
7873
+ # resp.security_control_definitions[0].parameter_definitions["NonEmptyString"].configuration_options.string_list.re_2_expression #=> String
7874
+ # resp.security_control_definitions[0].parameter_definitions["NonEmptyString"].configuration_options.string_list.max_items #=> Integer
7875
+ # resp.security_control_definitions[0].parameter_definitions["NonEmptyString"].configuration_options.string_list.expression_description #=> String
7876
+ # resp.security_control_definitions[0].parameter_definitions["NonEmptyString"].configuration_options.boolean.default_value #=> Boolean
7877
+ # resp.security_control_definitions[0].parameter_definitions["NonEmptyString"].configuration_options.enum.default_value #=> String
7878
+ # resp.security_control_definitions[0].parameter_definitions["NonEmptyString"].configuration_options.enum.allowed_values #=> Array
7879
+ # resp.security_control_definitions[0].parameter_definitions["NonEmptyString"].configuration_options.enum.allowed_values[0] #=> String
7880
+ # resp.security_control_definitions[0].parameter_definitions["NonEmptyString"].configuration_options.enum_list.default_value #=> Array
7881
+ # resp.security_control_definitions[0].parameter_definitions["NonEmptyString"].configuration_options.enum_list.default_value[0] #=> String
7882
+ # resp.security_control_definitions[0].parameter_definitions["NonEmptyString"].configuration_options.enum_list.max_items #=> Integer
7883
+ # resp.security_control_definitions[0].parameter_definitions["NonEmptyString"].configuration_options.enum_list.allowed_values #=> Array
7884
+ # resp.security_control_definitions[0].parameter_definitions["NonEmptyString"].configuration_options.enum_list.allowed_values[0] #=> String
6787
7885
  # resp.next_token #=> String
6788
7886
  #
6789
7887
  # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/ListSecurityControlDefinitions AWS API Documentation
@@ -6945,6 +8043,136 @@ module Aws::SecurityHub
6945
8043
  req.send_request(options)
6946
8044
  end
6947
8045
 
8046
+ # Associates a target account, organizational unit, or the root with a
8047
+ # specified configuration. The target can be associated with a
8048
+ # configuration policy or self-managed behavior. Only the Security Hub
8049
+ # delegated administrator can invoke this operation from the home
8050
+ # Region.
8051
+ #
8052
+ # @option params [required, String] :configuration_policy_identifier
8053
+ # The Amazon Resource Name (ARN) or universally unique identifier (UUID)
8054
+ # of the configuration policy.
8055
+ #
8056
+ # @option params [required, Types::Target] :target
8057
+ # The identifier of the target account, organizational unit, or the root
8058
+ # to associate with the specified configuration.
8059
+ #
8060
+ # @return [Types::StartConfigurationPolicyAssociationResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
8061
+ #
8062
+ # * {Types::StartConfigurationPolicyAssociationResponse#configuration_policy_id #configuration_policy_id} => String
8063
+ # * {Types::StartConfigurationPolicyAssociationResponse#target_id #target_id} => String
8064
+ # * {Types::StartConfigurationPolicyAssociationResponse#target_type #target_type} => String
8065
+ # * {Types::StartConfigurationPolicyAssociationResponse#association_type #association_type} => String
8066
+ # * {Types::StartConfigurationPolicyAssociationResponse#updated_at #updated_at} => Time
8067
+ # * {Types::StartConfigurationPolicyAssociationResponse#association_status #association_status} => String
8068
+ # * {Types::StartConfigurationPolicyAssociationResponse#association_status_message #association_status_message} => String
8069
+ #
8070
+ #
8071
+ # @example Example: To associate a configuration with a target
8072
+ #
8073
+ # # This operation associates a configuration policy or self-managed behavior with the target account, organizational unit,
8074
+ # # or the root.
8075
+ #
8076
+ # resp = client.start_configuration_policy_association({
8077
+ # configuration_policy_identifier: "arn:aws:securityhub:us-east-1:123456789012:configuration-policy/a1b2c3d4-5678-90ab-cdef-EXAMPLE11111",
8078
+ # target: {
8079
+ # account_id: "111122223333",
8080
+ # },
8081
+ # })
8082
+ #
8083
+ # resp.to_h outputs the following:
8084
+ # {
8085
+ # association_status: "SUCCESS",
8086
+ # association_status_message: "This field is populated only if the association fails",
8087
+ # association_type: "APPLIED",
8088
+ # configuration_policy_id: "a1b2c3d4-5678-90ab-cdef-EXAMPLE11111",
8089
+ # target_id: "111122223333",
8090
+ # target_type: "ACCOUNT",
8091
+ # updated_at: Time.parse("2023-01-11T06:17:17.154Z"),
8092
+ # }
8093
+ #
8094
+ # @example Request syntax with placeholder values
8095
+ #
8096
+ # resp = client.start_configuration_policy_association({
8097
+ # configuration_policy_identifier: "NonEmptyString", # required
8098
+ # target: { # required
8099
+ # account_id: "NonEmptyString",
8100
+ # organizational_unit_id: "NonEmptyString",
8101
+ # root_id: "NonEmptyString",
8102
+ # },
8103
+ # })
8104
+ #
8105
+ # @example Response structure
8106
+ #
8107
+ # resp.configuration_policy_id #=> String
8108
+ # resp.target_id #=> String
8109
+ # resp.target_type #=> String, one of "ACCOUNT", "ORGANIZATIONAL_UNIT"
8110
+ # resp.association_type #=> String, one of "INHERITED", "APPLIED"
8111
+ # resp.updated_at #=> Time
8112
+ # resp.association_status #=> String, one of "PENDING", "SUCCESS", "FAILED"
8113
+ # resp.association_status_message #=> String
8114
+ #
8115
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/StartConfigurationPolicyAssociation AWS API Documentation
8116
+ #
8117
+ # @overload start_configuration_policy_association(params = {})
8118
+ # @param [Hash] params ({})
8119
+ def start_configuration_policy_association(params = {}, options = {})
8120
+ req = build_request(:start_configuration_policy_association, params)
8121
+ req.send_request(options)
8122
+ end
8123
+
8124
+ # Disassociates a target account, organizational unit, or the root from
8125
+ # a specified configuration. When you disassociate a configuration from
8126
+ # its target, the target inherits the configuration of the closest
8127
+ # parent. If there’s no configuration to inherit, the target retains its
8128
+ # settings but becomes a self-managed account. A target can be
8129
+ # disassociated from a configuration policy or self-managed behavior.
8130
+ # Only the Security Hub delegated administrator can invoke this
8131
+ # operation from the home Region.
8132
+ #
8133
+ # @option params [Types::Target] :target
8134
+ # The identifier of the target account, organizational unit, or the root
8135
+ # to disassociate from the specified configuration.
8136
+ #
8137
+ # @option params [required, String] :configuration_policy_identifier
8138
+ # The Amazon Resource Name (ARN) or universally unique identifier (UUID)
8139
+ # of the configuration policy.
8140
+ #
8141
+ # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
8142
+ #
8143
+ #
8144
+ # @example Example: To disassociate a configuration from a target
8145
+ #
8146
+ # # This operation disassociates a configuration policy or self-managed behavior from the target account, organizational
8147
+ # # unit, or the root.
8148
+ #
8149
+ # resp = client.start_configuration_policy_disassociation({
8150
+ # configuration_policy_identifier: "SELF_MANAGED_SECURITY_HUB",
8151
+ # target: {
8152
+ # root_id: "r-f6g7h8i9j0example",
8153
+ # },
8154
+ # })
8155
+ #
8156
+ # @example Request syntax with placeholder values
8157
+ #
8158
+ # resp = client.start_configuration_policy_disassociation({
8159
+ # target: {
8160
+ # account_id: "NonEmptyString",
8161
+ # organizational_unit_id: "NonEmptyString",
8162
+ # root_id: "NonEmptyString",
8163
+ # },
8164
+ # configuration_policy_identifier: "NonEmptyString", # required
8165
+ # })
8166
+ #
8167
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/StartConfigurationPolicyDisassociation AWS API Documentation
8168
+ #
8169
+ # @overload start_configuration_policy_disassociation(params = {})
8170
+ # @param [Hash] params ({})
8171
+ def start_configuration_policy_disassociation(params = {}, options = {})
8172
+ req = build_request(:start_configuration_policy_disassociation, params)
8173
+ req.send_request(options)
8174
+ end
8175
+
6948
8176
  # Adds one or more tags to a resource.
6949
8177
  #
6950
8178
  # @option params [required, String] :resource_arn
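Review bot: The `:configuration_policy_identifier` docs on both added methods allow only an ARN or UUID, but the disassociation example passes `"SELF_MANAGED_SECURITY_HUB"` and both summaries mention self-managed behavior. The parameter text should name that literal, for example `#   of the configuration policy, or "SELF_MANAGED_SECURITY_HUB" for self-managed behavior.`, because choosing it takes the target out of centrally managed policy. `:target` is marked required for `start_configuration_policy_association` but not for `start_configuration_policy_disassociation`; if that is intended, the doc should say what a request without a target acts on. The association response documents `association_status` as one of "PENDING", "SUCCESS" or "FAILED", so a line such as `# A returned response does not mean the policy is applied; check association_status.` would help callers who treat the call as confirmation.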
@@ -7070,6 +8298,205 @@ module Aws::SecurityHub
7070
8298
  req.send_request(options)
7071
8299
  end
7072
8300
 
8301
+ # Updates a configuration policy. Only the Security Hub delegated
8302
+ # administrator can invoke this operation from the home Region.
8303
+ #
8304
+ # @option params [required, String] :identifier
8305
+ # The Amazon Resource Name (ARN) or universally unique identifier (UUID)
8306
+ # of the configuration policy.
8307
+ #
8308
+ # @option params [String] :name
8309
+ # The name of the configuration policy.
8310
+ #
8311
+ # @option params [String] :description
8312
+ # The description of the configuration policy.
8313
+ #
8314
+ # @option params [String] :updated_reason
8315
+ # The reason for updating the configuration policy.
8316
+ #
8317
+ # @option params [Types::Policy] :configuration_policy
8318
+ # An object that defines how Security Hub is configured. It includes
8319
+ # whether Security Hub is enabled or disabled, a list of enabled
8320
+ # security standards, a list of enabled or disabled security controls,
8321
+ # and a list of custom parameter values for specified controls. If you
8322
+ # provide a list of security controls that are enabled in the
8323
+ # configuration policy, Security Hub disables all other controls
8324
+ # (including newly released controls). If you provide a list of security
8325
+ # controls that are disabled in the configuration policy, Security Hub
8326
+ # enables all other controls (including newly released controls).
8327
+ #
8328
+ # When updating a configuration policy, provide a complete list of
8329
+ # standards that you want to enable and a complete list of controls that
8330
+ # you want to enable or disable. The updated configuration replaces the
8331
+ # current configuration.
8332
+ #
8333
+ # @return [Types::UpdateConfigurationPolicyResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
8334
+ #
8335
+ # * {Types::UpdateConfigurationPolicyResponse#arn #arn} => String
8336
+ # * {Types::UpdateConfigurationPolicyResponse#id #id} => String
8337
+ # * {Types::UpdateConfigurationPolicyResponse#name #name} => String
8338
+ # * {Types::UpdateConfigurationPolicyResponse#description #description} => String
8339
+ # * {Types::UpdateConfigurationPolicyResponse#updated_at #updated_at} => Time
8340
+ # * {Types::UpdateConfigurationPolicyResponse#created_at #created_at} => Time
8341
+ # * {Types::UpdateConfigurationPolicyResponse#configuration_policy #configuration_policy} => Types::Policy
8342
+ #
8343
+ #
8344
+ # @example Example: To update a configuration policy
8345
+ #
8346
+ # # This operation updates the specified configuration policy.
8347
+ #
8348
+ # resp = client.update_configuration_policy({
8349
+ # configuration_policy: {
8350
+ # security_hub: {
8351
+ # enabled_standard_identifiers: [
8352
+ # "arn:aws:securityhub:us-east-1::standards/aws-foundational-security-best-practices/v/1.0.0",
8353
+ # "arn:aws:securityhub:::ruleset/cis-aws-foundations-benchmark/v/1.2.0",
8354
+ # ],
8355
+ # security_controls_configuration: {
8356
+ # disabled_security_control_identifiers: [
8357
+ # "CloudWatch.1",
8358
+ # "CloudWatch.2",
8359
+ # ],
8360
+ # security_control_custom_parameters: [
8361
+ # {
8362
+ # parameters: {
8363
+ # "daysToExpiration" => {
8364
+ # value: {
8365
+ # integer: 21,
8366
+ # },
8367
+ # value_type: "CUSTOM",
8368
+ # },
8369
+ # },
8370
+ # security_control_id: "ACM.1",
8371
+ # },
8372
+ # ],
8373
+ # },
8374
+ # service_enabled: true,
8375
+ # },
8376
+ # },
8377
+ # description: "Updated configuration policy for testing FSBP and CIS",
8378
+ # identifier: "arn:aws:securityhub:us-east-1:123456789012:configuration-policy/a1b2c3d4-5678-90ab-cdef-EXAMPLE11111",
8379
+ # name: "TestConfigurationPolicy",
8380
+ # updated_reason: "Enabling ACM.2",
8381
+ # })
8382
+ #
8383
+ # resp.to_h outputs the following:
8384
+ # {
8385
+ # arn: "arn:aws:securityhub:us-east-1:123456789012:configuration-policy/a1b2c3d4-5678-90ab-cdef-EXAMPLE11111",
8386
+ # configuration_policy: {
8387
+ # security_hub: {
8388
+ # enabled_standard_identifiers: [
8389
+ # "arn:aws:securityhub:us-east-1::standards/aws-foundational-security-best-practices/v/1.0.0",
8390
+ # "arn:aws:securityhub:::ruleset/cis-aws-foundations-benchmark/v/1.2.0",
8391
+ # ],
8392
+ # security_controls_configuration: {
8393
+ # disabled_security_control_identifiers: [
8394
+ # "CloudWatch.1",
8395
+ # "CloudWatch.2",
8396
+ # ],
8397
+ # security_control_custom_parameters: [
8398
+ # {
8399
+ # parameters: {
8400
+ # "daysToExpiration" => {
8401
+ # value: {
8402
+ # integer: 21,
8403
+ # },
8404
+ # value_type: "CUSTOM",
8405
+ # },
8406
+ # },
8407
+ # security_control_id: "ACM.1",
8408
+ # },
8409
+ # ],
8410
+ # },
8411
+ # service_enabled: true,
8412
+ # },
8413
+ # },
8414
+ # created_at: Time.parse("2023-01-11T06:17:17.154Z"),
8415
+ # description: "Updated configuration policy for testing FSBP and CIS",
8416
+ # id: "a1b2c3d4-5678-90ab-cdef-EXAMPLE11111",
8417
+ # name: "TestConfigurationPolicy",
8418
+ # updated_at: Time.parse("2023-01-12T06:17:17.154Z"),
8419
+ # }
8420
+ #
8421
+ # @example Request syntax with placeholder values
8422
+ #
8423
+ # resp = client.update_configuration_policy({
8424
+ # identifier: "NonEmptyString", # required
8425
+ # name: "NonEmptyString",
8426
+ # description: "NonEmptyString",
8427
+ # updated_reason: "NonEmptyString",
8428
+ # configuration_policy: {
8429
+ # security_hub: {
8430
+ # service_enabled: false,
8431
+ # enabled_standard_identifiers: ["NonEmptyString"],
8432
+ # security_controls_configuration: {
8433
+ # enabled_security_control_identifiers: ["NonEmptyString"],
8434
+ # disabled_security_control_identifiers: ["NonEmptyString"],
8435
+ # security_control_custom_parameters: [
8436
+ # {
8437
+ # security_control_id: "NonEmptyString",
8438
+ # parameters: {
8439
+ # "NonEmptyString" => {
8440
+ # value_type: "DEFAULT", # required, accepts DEFAULT, CUSTOM
8441
+ # value: {
8442
+ # integer: 1,
8443
+ # integer_list: [1],
8444
+ # double: 1.0,
8445
+ # string: "NonEmptyString",
8446
+ # string_list: ["NonEmptyString"],
8447
+ # boolean: false,
8448
+ # enum: "NonEmptyString",
8449
+ # enum_list: ["NonEmptyString"],
8450
+ # },
8451
+ # },
8452
+ # },
8453
+ # },
8454
+ # ],
8455
+ # },
8456
+ # },
8457
+ # },
8458
+ # })
8459
+ #
8460
+ # @example Response structure
8461
+ #
8462
+ # resp.arn #=> String
8463
+ # resp.id #=> String
8464
+ # resp.name #=> String
8465
+ # resp.description #=> String
8466
+ # resp.updated_at #=> Time
8467
+ # resp.created_at #=> Time
8468
+ # resp.configuration_policy.security_hub.service_enabled #=> Boolean
8469
+ # resp.configuration_policy.security_hub.enabled_standard_identifiers #=> Array
8470
+ # resp.configuration_policy.security_hub.enabled_standard_identifiers[0] #=> String
8471
+ # resp.configuration_policy.security_hub.security_controls_configuration.enabled_security_control_identifiers #=> Array
8472
+ # resp.configuration_policy.security_hub.security_controls_configuration.enabled_security_control_identifiers[0] #=> String
8473
+ # resp.configuration_policy.security_hub.security_controls_configuration.disabled_security_control_identifiers #=> Array
8474
+ # resp.configuration_policy.security_hub.security_controls_configuration.disabled_security_control_identifiers[0] #=> String
8475
+ # resp.configuration_policy.security_hub.security_controls_configuration.security_control_custom_parameters #=> Array
8476
+ # resp.configuration_policy.security_hub.security_controls_configuration.security_control_custom_parameters[0].security_control_id #=> String
8477
+ # resp.configuration_policy.security_hub.security_controls_configuration.security_control_custom_parameters[0].parameters #=> Hash
8478
+ # resp.configuration_policy.security_hub.security_controls_configuration.security_control_custom_parameters[0].parameters["NonEmptyString"].value_type #=> String, one of "DEFAULT", "CUSTOM"
8479
+ # resp.configuration_policy.security_hub.security_controls_configuration.security_control_custom_parameters[0].parameters["NonEmptyString"].value.integer #=> Integer
8480
+ # resp.configuration_policy.security_hub.security_controls_configuration.security_control_custom_parameters[0].parameters["NonEmptyString"].value.integer_list #=> Array
8481
+ # resp.configuration_policy.security_hub.security_controls_configuration.security_control_custom_parameters[0].parameters["NonEmptyString"].value.integer_list[0] #=> Integer
8482
+ # resp.configuration_policy.security_hub.security_controls_configuration.security_control_custom_parameters[0].parameters["NonEmptyString"].value.double #=> Float
8483
+ # resp.configuration_policy.security_hub.security_controls_configuration.security_control_custom_parameters[0].parameters["NonEmptyString"].value.string #=> String
8484
+ # resp.configuration_policy.security_hub.security_controls_configuration.security_control_custom_parameters[0].parameters["NonEmptyString"].value.string_list #=> Array
8485
+ # resp.configuration_policy.security_hub.security_controls_configuration.security_control_custom_parameters[0].parameters["NonEmptyString"].value.string_list[0] #=> String
8486
+ # resp.configuration_policy.security_hub.security_controls_configuration.security_control_custom_parameters[0].parameters["NonEmptyString"].value.boolean #=> Boolean
8487
+ # resp.configuration_policy.security_hub.security_controls_configuration.security_control_custom_parameters[0].parameters["NonEmptyString"].value.enum #=> String
8488
+ # resp.configuration_policy.security_hub.security_controls_configuration.security_control_custom_parameters[0].parameters["NonEmptyString"].value.enum_list #=> Array
8489
+ # resp.configuration_policy.security_hub.security_controls_configuration.security_control_custom_parameters[0].parameters["NonEmptyString"].value.enum_list[0] #=> String
8490
+ #
8491
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/UpdateConfigurationPolicy AWS API Documentation
8492
+ #
8493
+ # @overload update_configuration_policy(params = {})
8494
+ # @param [Hash] params ({})
8495
+ def update_configuration_policy(params = {}, options = {})
8496
+ req = build_request(:update_configuration_policy, params)
8497
+ req.send_request(options)
8498
+ end
8499
+
7073
8500
  # Updates the finding aggregation configuration. Used to update the
7074
8501
  # Region linking mode and the list of included or excluded Regions. You
7075
8502
  # cannot use `UpdateFindingAggregator` to change the aggregation Region.
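Review bot: The `update_configuration_policy` example sets `updated_reason: "Enabling ACM.2"`, but the request disables CloudWatch.1 and CloudWatch.2 and sets a custom parameter on ACM.1. A reason field that reads like an audit record should match the change, for example `updated_reason: "Disabling CloudWatch.1 and CloudWatch.2; customizing ACM.1"`. The replace-in-full behavior is only stated in the second paragraph of the `:configuration_policy` option; the summary should carry it, e.g. `# Updates a configuration policy. The supplied policy replaces the current one in full.`, because a partial list silently enables or disables every control not named. The placeholder request shows `enabled_security_control_identifiers` and `disabled_security_control_identifiers` together, while the description treats them as alternatives; if the service rejects both in one request, the placeholder comment should say so.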
@@ -7279,6 +8706,8 @@ module Aws::SecurityHub
7279
8706
  # gte: 1.0,
7280
8707
  # lte: 1.0,
7281
8708
  # eq: 1.0,
8709
+ # gt: 1.0,
8710
+ # lt: 1.0,
7282
8711
  # },
7283
8712
  # ],
7284
8713
  # severity_normalized: [
@@ -7286,6 +8715,8 @@ module Aws::SecurityHub
7286
8715
  # gte: 1.0,
7287
8716
  # lte: 1.0,
7288
8717
  # eq: 1.0,
8718
+ # gt: 1.0,
8719
+ # lt: 1.0,
7289
8720
  # },
7290
8721
  # ],
7291
8722
  # severity_label: [
@@ -7299,6 +8730,8 @@ module Aws::SecurityHub
7299
8730
  # gte: 1.0,
7300
8731
  # lte: 1.0,
7301
8732
  # eq: 1.0,
8733
+ # gt: 1.0,
8734
+ # lt: 1.0,
7302
8735
  # },
7303
8736
  # ],
7304
8737
  # criticality: [
@@ -7306,6 +8739,8 @@ module Aws::SecurityHub
7306
8739
  # gte: 1.0,
7307
8740
  # lte: 1.0,
7308
8741
  # eq: 1.0,
8742
+ # gt: 1.0,
8743
+ # lt: 1.0,
7309
8744
  # },
7310
8745
  # ],
7311
8746
  # title: [
@@ -7409,6 +8844,8 @@ module Aws::SecurityHub
7409
8844
  # gte: 1.0,
7410
8845
  # lte: 1.0,
7411
8846
  # eq: 1.0,
8847
+ # gt: 1.0,
8848
+ # lt: 1.0,
7412
8849
  # },
7413
8850
  # ],
7414
8851
  # network_source_domain: [
@@ -7438,6 +8875,8 @@ module Aws::SecurityHub
7438
8875
  # gte: 1.0,
7439
8876
  # lte: 1.0,
7440
8877
  # eq: 1.0,
8878
+ # gt: 1.0,
8879
+ # lt: 1.0,
7441
8880
  # },
7442
8881
  # ],
7443
8882
  # network_destination_domain: [
@@ -7463,6 +8902,8 @@ module Aws::SecurityHub
7463
8902
  # gte: 1.0,
7464
8903
  # lte: 1.0,
7465
8904
  # eq: 1.0,
8905
+ # gt: 1.0,
8906
+ # lt: 1.0,
7466
8907
  # },
7467
8908
  # ],
7468
8909
  # process_parent_pid: [
@@ -7470,6 +8911,8 @@ module Aws::SecurityHub
7470
8911
  # gte: 1.0,
7471
8912
  # lte: 1.0,
7472
8913
  # eq: 1.0,
8914
+ # gt: 1.0,
8915
+ # lt: 1.0,
7473
8916
  # },
7474
8917
  # ],
7475
8918
  # process_launched_at: [
@@ -7774,6 +9217,8 @@ module Aws::SecurityHub
7774
9217
  # gte: 1.0,
7775
9218
  # lte: 1.0,
7776
9219
  # eq: 1.0,
9220
+ # gt: 1.0,
9221
+ # lt: 1.0,
7777
9222
  # },
7778
9223
  # ],
7779
9224
  # finding_provider_fields_criticality: [
@@ -7781,6 +9226,8 @@ module Aws::SecurityHub
7781
9226
  # gte: 1.0,
7782
9227
  # lte: 1.0,
7783
9228
  # eq: 1.0,
9229
+ # gt: 1.0,
9230
+ # lt: 1.0,
7784
9231
  # },
7785
9232
  # ],
7786
9233
  # finding_provider_fields_related_findings_id: [
@@ -7830,6 +9277,48 @@ module Aws::SecurityHub
7830
9277
  # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS
7831
9278
  # },
7832
9279
  # ],
9280
+ # vulnerabilities_exploit_available: [
9281
+ # {
9282
+ # value: "NonEmptyString",
9283
+ # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS
9284
+ # },
9285
+ # ],
9286
+ # vulnerabilities_fix_available: [
9287
+ # {
9288
+ # value: "NonEmptyString",
9289
+ # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS
9290
+ # },
9291
+ # ],
9292
+ # compliance_security_control_parameters_name: [
9293
+ # {
9294
+ # value: "NonEmptyString",
9295
+ # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS
9296
+ # },
9297
+ # ],
9298
+ # compliance_security_control_parameters_value: [
9299
+ # {
9300
+ # value: "NonEmptyString",
9301
+ # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS
9302
+ # },
9303
+ # ],
9304
+ # aws_account_name: [
9305
+ # {
9306
+ # value: "NonEmptyString",
9307
+ # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS
9308
+ # },
9309
+ # ],
9310
+ # resource_application_name: [
9311
+ # {
9312
+ # value: "NonEmptyString",
9313
+ # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS
9314
+ # },
9315
+ # ],
9316
+ # resource_application_arn: [
9317
+ # {
9318
+ # value: "NonEmptyString",
9319
+ # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS
9320
+ # },
9321
+ # ],
7833
9322
  # },
7834
9323
  # note: {
7835
9324
  # text: "NonEmptyString", # required
@@ -7975,6 +9464,8 @@ module Aws::SecurityHub
7975
9464
  # gte: 1.0,
7976
9465
  # lte: 1.0,
7977
9466
  # eq: 1.0,
9467
+ # gt: 1.0,
9468
+ # lt: 1.0,
7978
9469
  # },
7979
9470
  # ],
7980
9471
  # severity_normalized: [
@@ -7982,6 +9473,8 @@ module Aws::SecurityHub
7982
9473
  # gte: 1.0,
7983
9474
  # lte: 1.0,
7984
9475
  # eq: 1.0,
9476
+ # gt: 1.0,
9477
+ # lt: 1.0,
7985
9478
  # },
7986
9479
  # ],
7987
9480
  # severity_label: [
@@ -7995,6 +9488,8 @@ module Aws::SecurityHub
7995
9488
  # gte: 1.0,
7996
9489
  # lte: 1.0,
7997
9490
  # eq: 1.0,
9491
+ # gt: 1.0,
9492
+ # lt: 1.0,
7998
9493
  # },
7999
9494
  # ],
8000
9495
  # criticality: [
@@ -8002,6 +9497,8 @@ module Aws::SecurityHub
8002
9497
  # gte: 1.0,
8003
9498
  # lte: 1.0,
8004
9499
  # eq: 1.0,
9500
+ # gt: 1.0,
9501
+ # lt: 1.0,
8005
9502
  # },
8006
9503
  # ],
8007
9504
  # title: [
@@ -8105,6 +9602,8 @@ module Aws::SecurityHub
8105
9602
  # gte: 1.0,
8106
9603
  # lte: 1.0,
8107
9604
  # eq: 1.0,
9605
+ # gt: 1.0,
9606
+ # lt: 1.0,
8108
9607
  # },
8109
9608
  # ],
8110
9609
  # network_source_domain: [
@@ -8134,6 +9633,8 @@ module Aws::SecurityHub
8134
9633
  # gte: 1.0,
8135
9634
  # lte: 1.0,
8136
9635
  # eq: 1.0,
9636
+ # gt: 1.0,
9637
+ # lt: 1.0,
8137
9638
  # },
8138
9639
  # ],
8139
9640
  # network_destination_domain: [
@@ -8159,6 +9660,8 @@ module Aws::SecurityHub
8159
9660
  # gte: 1.0,
8160
9661
  # lte: 1.0,
8161
9662
  # eq: 1.0,
9663
+ # gt: 1.0,
9664
+ # lt: 1.0,
8162
9665
  # },
8163
9666
  # ],
8164
9667
  # process_parent_pid: [
@@ -8166,6 +9669,8 @@ module Aws::SecurityHub
8166
9669
  # gte: 1.0,
8167
9670
  # lte: 1.0,
8168
9671
  # eq: 1.0,
9672
+ # gt: 1.0,
9673
+ # lt: 1.0,
8169
9674
  # },
8170
9675
  # ],
8171
9676
  # process_launched_at: [
@@ -8470,6 +9975,8 @@ module Aws::SecurityHub
8470
9975
  # gte: 1.0,
8471
9976
  # lte: 1.0,
8472
9977
  # eq: 1.0,
9978
+ # gt: 1.0,
9979
+ # lt: 1.0,
8473
9980
  # },
8474
9981
  # ],
8475
9982
  # finding_provider_fields_criticality: [
@@ -8477,6 +9984,8 @@ module Aws::SecurityHub
8477
9984
  # gte: 1.0,
8478
9985
  # lte: 1.0,
8479
9986
  # eq: 1.0,
9987
+ # gt: 1.0,
9988
+ # lt: 1.0,
8480
9989
  # },
8481
9990
  # ],
8482
9991
  # finding_provider_fields_related_findings_id: [
@@ -8526,6 +10035,48 @@ module Aws::SecurityHub
8526
10035
  # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS
8527
10036
  # },
8528
10037
  # ],
10038
+ # vulnerabilities_exploit_available: [
10039
+ # {
10040
+ # value: "NonEmptyString",
10041
+ # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS
10042
+ # },
10043
+ # ],
10044
+ # vulnerabilities_fix_available: [
10045
+ # {
10046
+ # value: "NonEmptyString",
10047
+ # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS
10048
+ # },
10049
+ # ],
10050
+ # compliance_security_control_parameters_name: [
10051
+ # {
10052
+ # value: "NonEmptyString",
10053
+ # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS
10054
+ # },
10055
+ # ],
10056
+ # compliance_security_control_parameters_value: [
10057
+ # {
10058
+ # value: "NonEmptyString",
10059
+ # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS
10060
+ # },
10061
+ # ],
10062
+ # aws_account_name: [
10063
+ # {
10064
+ # value: "NonEmptyString",
10065
+ # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS
10066
+ # },
10067
+ # ],
10068
+ # resource_application_name: [
10069
+ # {
10070
+ # value: "NonEmptyString",
10071
+ # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS
10072
+ # },
10073
+ # ],
10074
+ # resource_application_arn: [
10075
+ # {
10076
+ # value: "NonEmptyString",
10077
+ # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS
10078
+ # },
10079
+ # ],
8529
10080
  # },
8530
10081
  # group_by_attribute: "NonEmptyString",
8531
10082
  # })
@@ -8539,44 +10090,63 @@ module Aws::SecurityHub
8539
10090
  req.send_request(options)
8540
10091
  end
8541
10092
 
8542
- # Used to update the configuration related to Organizations. Can only be
8543
- # called from a Security Hub administrator account.
10093
+ # Updates the configuration of your organization in Security Hub. Only
10094
+ # the Security Hub administrator account can invoke this operation.
8544
10095
  #
8545
10096
  # @option params [required, Boolean] :auto_enable
8546
- # Whether to automatically enable Security Hub for new accounts in the
8547
- # organization.
10097
+ # Whether to automatically enable Security Hub in new member accounts
10098
+ # when they join the organization.
8548
10099
  #
8549
- # By default, this is `false`, and new accounts are not added
8550
- # automatically.
10100
+ # If set to `true`, then Security Hub is automatically enabled in new
10101
+ # accounts. If set to `false`, then Security Hub isn't enabled in new
10102
+ # accounts automatically. The default value is `false`.
8551
10103
  #
8552
- # To automatically enable Security Hub for new accounts, set this to
8553
- # `true`.
10104
+ # If the `ConfigurationType` of your organization is set to `CENTRAL`,
10105
+ # then this field is set to `false` and can't be changed in the home
10106
+ # Region and linked Regions. However, in that case, the delegated
10107
+ # administrator can create a configuration policy in which Security Hub
10108
+ # is enabled and associate the policy with new organization accounts.
8554
10109
  #
8555
10110
  # @option params [String] :auto_enable_standards
8556
- # Whether to automatically enable Security Hub [default standards][1]
8557
- # for new member accounts in the organization.
10111
+ # Whether to automatically enable Security Hub [default standards][1] in
10112
+ # new member accounts when they join the organization.
8558
10113
  #
8559
- # By default, this parameter is equal to `DEFAULT`, and new member
8560
- # accounts are automatically enabled with default Security Hub
8561
- # standards.
10114
+ # The default value of this parameter is equal to `DEFAULT`.
8562
10115
  #
8563
- # To opt out of enabling default standards for new member accounts, set
8564
- # this parameter equal to `NONE`.
10116
+ # If equal to `DEFAULT`, then Security Hub default standards are
10117
+ # automatically enabled for new member accounts. If equal to `NONE`,
10118
+ # then default standards are not automatically enabled for new member
10119
+ # accounts.
10120
+ #
10121
+ # If the `ConfigurationType` of your organization is set to `CENTRAL`,
10122
+ # then this field is set to `NONE` and can't be changed in the home
10123
+ # Region and linked Regions. However, in that case, the delegated
10124
+ # administrator can create a configuration policy in which specific
10125
+ # security standards are enabled and associate the policy with new
10126
+ # organization accounts.
8565
10127
  #
8566
10128
  #
8567
10129
  #
8568
10130
  # [1]: https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-standards-enable-disable.html
8569
10131
  #
10132
+ # @option params [Types::OrganizationConfiguration] :organization_configuration
10133
+ # Provides information about the way an organization is configured in
10134
+ # Security Hub.
10135
+ #
8570
10136
  # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
8571
10137
  #
8572
10138
  #
8573
10139
  # @example Example: To update organization configuration
8574
10140
  #
8575
- # # The following example updates the configuration for an organization so that Security Hub is automatically activated for
8576
- # # new member accounts. Only the Security Hub administrator account can call this operation.
10141
+ # # This operation updates the way your organization is configured in Security Hub. Only a Security Hub administrator
10142
+ # # account can invoke this operation.
8577
10143
  #
8578
10144
  # resp = client.update_organization_configuration({
8579
- # auto_enable: true,
10145
+ # auto_enable: false,
10146
+ # auto_enable_standards: "NONE",
10147
+ # organization_configuration: {
10148
+ # configuration_type: "CENTRAL",
10149
+ # },
8580
10150
  # })
8581
10151
  #
8582
10152
  # @example Request syntax with placeholder values
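Review bot: The rewritten example for `update_organization_configuration` now passes `auto_enable: false`, `auto_enable_standards: "NONE"` and `configuration_type: "CENTRAL"`, but its comment only says the operation updates the way the organization is configured, so a reader copying it is not told that it switches the organization to central configuration. According to the parameter text earlier in this hunk, in that mode both fields are fixed and new accounts get Security Hub and standards only through a configuration policy that the delegated administrator associates with them. I would state that in the example comment, for instance `# This example switches the organization to central configuration; new accounts are covered only once a configuration policy is associated with them.` The method body itself lies outside this hunk.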
@@ -8584,6 +10154,11 @@ module Aws::SecurityHub
8584
10154
  # resp = client.update_organization_configuration({
8585
10155
  # auto_enable: false, # required
8586
10156
  # auto_enable_standards: "NONE", # accepts NONE, DEFAULT
10157
+ # organization_configuration: {
10158
+ # configuration_type: "CENTRAL", # accepts CENTRAL, LOCAL
10159
+ # status: "PENDING", # accepts PENDING, ENABLED, FAILED
10160
+ # status_message: "NonEmptyString",
10161
+ # },
8587
10162
  # })
8588
10163
  #
8589
10164
  # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/UpdateOrganizationConfiguration AWS API Documentation
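Review bot: The request syntax added here lists `status` and `status_message` inside `organization_configuration` next to `configuration_type`, while the `:organization_configuration` option text only says that it provides information about the way an organization is configured. Those two members read like values the service reports rather than ones a caller sets; that is an inference from the `PENDING`/`ENABLED`/`FAILED` values, not something the page states. The option text should say which members are meaningful on a request, for example `# Only configuration_type is set by the caller; status and status_message are reported by the service.` once that is confirmed against the API reference. The option text sits in the preceding hunk and the method body follows this one.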
@@ -8595,6 +10170,74 @@ module Aws::SecurityHub
8595
10170
  req.send_request(options)
8596
10171
  end
8597
10172
 
10173
+ # Updates the properties of a security control.
10174
+ #
10175
+ # @option params [required, String] :security_control_id
10176
+ # The Amazon Resource Name (ARN) or ID of the control to update.
10177
+ #
10178
+ # @option params [required, Hash<String,Types::ParameterConfiguration>] :parameters
10179
+ # An object that specifies which security control parameters to update.
10180
+ #
10181
+ # @option params [String] :last_update_reason
10182
+ # The most recent reason for updating the properties of the security
10183
+ # control. This field accepts alphanumeric characters in addition to
10184
+ # white spaces, dashes, and underscores.
10185
+ #
10186
+ # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
10187
+ #
10188
+ #
10189
+ # @example Example: To update security control properties
10190
+ #
10191
+ # # The following example updates the specified security control. Specifically, this example updates control parameters.
10192
+ #
10193
+ # resp = client.update_security_control({
10194
+ # last_update_reason: "Comply with internal requirements",
10195
+ # parameters: {
10196
+ # "maxCredentialUsageAge" => {
10197
+ # value: {
10198
+ # integer: 15,
10199
+ # },
10200
+ # value_type: "CUSTOM",
10201
+ # },
10202
+ # },
10203
+ # security_control_id: "ACM.1",
10204
+ # })
10205
+ #
10206
+ # resp.to_h outputs the following:
10207
+ # {
10208
+ # }
10209
+ #
10210
+ # @example Request syntax with placeholder values
10211
+ #
10212
+ # resp = client.update_security_control({
10213
+ # security_control_id: "NonEmptyString", # required
10214
+ # parameters: { # required
10215
+ # "NonEmptyString" => {
10216
+ # value_type: "DEFAULT", # required, accepts DEFAULT, CUSTOM
10217
+ # value: {
10218
+ # integer: 1,
10219
+ # integer_list: [1],
10220
+ # double: 1.0,
10221
+ # string: "NonEmptyString",
10222
+ # string_list: ["NonEmptyString"],
10223
+ # boolean: false,
10224
+ # enum: "NonEmptyString",
10225
+ # enum_list: ["NonEmptyString"],
10226
+ # },
10227
+ # },
10228
+ # },
10229
+ # last_update_reason: "AlphaNumericNonEmptyString",
10230
+ # })
10231
+ #
10232
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/UpdateSecurityControl AWS API Documentation
10233
+ #
10234
+ # @overload update_security_control(params = {})
10235
+ # @param [Hash] params ({})
10236
+ def update_security_control(params = {}, options = {})
10237
+ req = build_request(:update_security_control, params)
10238
+ req.send_request(options)
10239
+ end
10240
+
8598
10241
  # Updates configuration options for Security Hub.
8599
10242
  #
8600
10243
  # @option params [Boolean] :auto_enable_controls
@@ -8703,7 +10346,7 @@ module Aws::SecurityHub
8703
10346
  params: params,
8704
10347
  config: config)
8705
10348
  context[:gem_name] = 'aws-sdk-securityhub'
8706
- context[:gem_version] = '1.95.0'
10349
+ context[:gem_version] = '1.97.0'
8707
10350
  Seahorse::Client::Request.new(handlers, context)
8708
10351
  end
8709
10352